source
-
Posts
100 -
Joined
-
Last visited
Never
Posts posted by source
-
-
-
1) xss in the soutbox
2) http://dreamshowstudios.net/h2/
3) messages are vulnerable to xss
4) xss in the edit profile fields.
-
-
-
you can register with the same email (THis would cause login problems...)
you login with the email.
-
read my 1St post I edited it to include some possible methods.
yeah you can just make it
if ($something ... $blah blah) {
die;
}
-
lol @ agentsteal.
i was being sarcastic. XD
(Oh, and thanks I've never thought of that, nor knew it was possible)
-
@agentsteal nah man, you're finding stuff I miss in my tests...
$var=strip_tags($var);
$var=mysql_real_escape_string($var);
using those two functions should alleviate any problems with xss/sql (Not saying that that's all you need.)
oh p.s. @AndyB won't happen again... but it wasn't that bad.
-
http://www.sinisa.milicevici.com/real_estate/admin/admin.php
I know you try to be 1337 and re-direct us, but I am 1337'er and use the stop button (or I could have used a program etc..) So what I am saying is the admin area isn't secure. (Oh, and to prove a point I deleted a user.. sorry)
To fix this just set a $_SESSION['admin']; or something with they login, and when someone visits the page do a check... for that session == a username, or alterative make it a field in the table "admin" and add yes next to your username.. etc..
also: xss http://www.sinisa.milicevici.com/real_estate/details.php?id=16
p.s. on the front page you have: http://www.sinisa.milicevici.com/real_estate/faq.php
a link to that but it does not exist.
-
also lawl... I saved the source of someone elses send message, edited the form action to send it to myn, and send <script>alert("xss");</script>
and it really [pointless expletive deleted], I mean you'll see if you fill that in all fields and click send. (no alert that I could get in the 20 seconds I worked on it... :'( )
@source: explain it properly and politely or not at all, please.
-
xss vulnerability when I public a pic, multiple fields.'
http://www.arteinsania.net/artwork/000064
XSS vuln on edit profile page
oy, dude I can cause errors on my profile page by setting values to "> etc.. and when i saved the source and messed with the maxlength vals I was able to fuck around a lot... "lives in none, united states" sure I could make that xss where the none is if I changed it's type to a form...
-
in the top left corner there is xss vuln (i search for <script>alert("xss");</script>) etc... then it gives mysql errors...
I noticed your VBULLETIN also seems to be out of date. There most likely have been security patches/checks/etc... may want to consider upgrading.
I go to say http://elitebattles.com/gamelist---1-War.html
and do the same search and I get a mysql display "Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/burly/public_html/pages/search.php on line 229"
http://elitebattles.com/files.html also same errror with same search...
http://elitebattles.com/games.html also
coding your own stuff is the way to go in the future..
-
') or ('1'='1
entering that also produces the same error (in the topic id)
-
I found nothing security wise, good job.
-
like we said, half of the links are broke how can we mess with it?
-
agentsteal!!!!! It's source from HTS if you remember me.
-
http://streamline-creations.co.uk/beta/
p.s.: Most of the links don't work so how can we test them?
Tho, your login SEEMS secure from SQL injection
-
wow: I thought I was done till I registered a site:
I registered the account "asshole" password "password"
Well I go to messages and there is NO option to send one.
2) I go to edit my page and I click edit and it logges me in as someone else ? WTF
3) Edit page doesn't work?
4) forums I was able to post a topic that was blank.
-
xss:
http://jobspokhara.com.np/display_joblist.php?category=%3Cscript%3Ealert(1);%3C/script%3E
p.s. I never got my email when I registered
p.s.s. You're image verification was REALLY HARD TO READ
-
from some simple testing I was not actually able to produce XSS, but you had some errors: for example I could get anything to appaer over the forums link (add to it) etc.. might want to fix that
-
login is vulnerable to sql injection.
-
if ($_GET['page' > 0) { do this }
Yes you should set a limit to how long their USername can be..
-
http://layoutsector.com/layouts.php?cat_id=4&page=-1
and I believe I registered with a username that contains javascript
Use PHP to check the length of the username so people can't save the source etc...
And mysqql.
I'll look more in a little
-
http://www.zwmster.com/users/98?id=98
http://www.zwmster.com/users/99?id=99
Also, while I won't provide the link your search is also vulnerable to xss...
either or/
you dont filter the name fiel that is optional upon registering
Security Test
in Beta Test Your Stuff!
Posted
on forgotpass.php
I think ' or '1'='1
may send the password to the first user, however I can not check... it does not give errors (so I assume it does)