Jump to content

Hinty

Members
  • Posts

    43
  • Joined

  • Last visited

    Never

Profile Information

  • Gender
    Not Telling

Hinty's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. I cant get your password but can log in as betty md5 hash ur cookie variables
  2. XSS http://happyhoursports.com/members.php?psearch=%22%3E%3Cscript%3Ealert(%22XSS%22)%3B%3C%2Fscript%3E SQL Injection Poll system, validate poll_id and option_id. User Voting Error! You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' unio' at line 1
  3. I could put anythin i wanted including PHP and javascript
  4. Looks all good to me
  5. XSS http://www.burnside.net46.net/msg.php?mod=send&random=GreenCheeeeeeese"><script>alert(document.cookie);</script>
  6. Directory Traversal On your CSS style editor found at: http://webid.freehostia.com/csseditor_.php?thestyle=themes/default/style.css&sel=.container&from=colors.php&color=border On changing the 'thestyle' to 'index.php' it edits the homepage. This could have been how your site was hacked.
  7. Check your database for any javascript redirection
  8. yup all good, cant find any others at the moment
  9. Thers also another XSS vulnerability present with same deals section. You can use it by entering javascript:alert(document.cookie); into the '** I JOIN' field. This requires the user to click the link for the attack to happen. Its also displaying the values twice, is that supposed to happen?
  10. XSS is present on the deals section. when inserting a deal enter <script>alert(document.cookie);</script> and a popup will appear when viewing list of deals.
  11. People are not here to perform penetration tests on your behalf. The aim is to solely to test errors present on the website application and receive guidance from experienced coders to rectify those errors. Regarding the frontpage it is extremely unsecure including the OpenSSL. As far as security went on that server i dnt think its even been thought of.
  12. Well if a number of ppl r using automated scans, thats thousands of requests. hosting accounts gives limited bandwidth to users and each request uses a very minor amount of bandwidth. A few scans shouldn't damage your bandwidth usage but try and resort to manual testing.
  13. yea sorry my mistake, addeals page not registration
  14. That would be the use of automated scans, than send thousands of requests and guessing they bombarded your registration form.
  15. Then its not the application that has the errors its the redirection either by server or application. SQL Inject Me is flagging that up as just an unexpected response not a SQL injection vulnerability. p.s. Don't use SQL inject me
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.