davidg80

http://www.arteinsania.net/site.php still gives paths

i was able to login with: admin' OR 1='1 all personal data came up

SQL Injection at: http://dreamshowstudios.net/members.php?user=Tester'%20AND%20'1'='0

You should protect directory: http://dreamshowstudios.net/inc/ Better yet tell Apache/2.2.4 (Fedora) Server to handle .inc files with php. Do the same for all file extensions you use ex: .class,.php,.inc, etc.

Completely bypass liveBetting verification by going to the display.php page. http://www.xpersa.com/live/display.php

Full Path Disclosure: http://www.best-nights-out.com/index.php?page=place&placeid=a

from: Neohapsis You can compile Apache without UserDir, you can totally disable UserDir, or you can enable UserDir only for specific users e.g. UserDir public_html UserDir disabled UserDir enable 11a But since most users only have control of their websites through something like cPanel for the "Remote Username Enumeration Vulnerability" you make a custom 403 error page by copying your 404 error page. This will only seem to generate 404 errors and will only allow users with valid index pages to be identified.