Haggis Posted May 2, 2008

I have written all the code myself, which is a first for me 'cos I usually use premade stuff. I am enjoying doing it but would like you guys' input on anything I can make better. Would like you to check out any vulnerabilities if possible. Thanks.

http://www.haggistech.co.uk/

allistera Posted May 2, 2008

Full path disclosure:
http://www.haggistech.co.uk/index.php?action=show&id=33[]

You can enter HTML in comments (shows in the preview), but the comment does not show and the count stays at 0.

Coreye Posted May 2, 2008

Full Path Disclosure:
http://www.haggistech.co.uk/show.php

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/haggiste/public_html/show.php on line 15

You can enter blank comments.

Haggis (Author) Posted May 6, 2008

> Full path disclosure:
> http://www.haggistech.co.uk/index.php?action=show&id=33[]
>
> You can enter HTML in comments (shows in the preview), but the comment does not show and the count stays at 0.

Yeah, the comments are moderated. Working on the path disclosure and not having HTML. Cheers guys.

Haggis (Author) Posted May 6, 2008

> Full Path Disclosure:
> http://www.haggistech.co.uk/show.php
>
> Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/haggiste/public_html/show.php on line 15
>
> You can enter blank comments.

Also working on this lol. Cheers to all who tested comments.

ILYAS415 Posted May 10, 2008

Full Path Disclosure:
http://www.haggistech.co.uk/index.php?action=show&id[]=35

Also, posting doesn't seem to work.

Haggis (Author) Posted May 12, 2008

> Full Path Disclosure:
> http://www.haggistech.co.uk/index.php?action=show&id[]=35
>
> Also, posting doesn't seem to work.

How would I stop that full path disclosure? Posting does work, just comments are moderated.

allistera Posted May 13, 2008

Use:

error_reporting(0);

Or look in the php.ini settings for error_reporting.
http://uk.php.net/manual/en/errorfunc.configuration.php#ini.error-reporting

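
As an added example (not code from the thread or from the site), the sketch below keeps PHP errors out of the response while still logging them, and rejects the malformed id values reported above before they reach a query. It assumes the warnings come from an unvalidated id parameter; parse_post_id and the sample inputs are hypothetical names and constructed data.

```php
<?php
// Added example; parse_post_id() and $samples are hypothetical.

// Hide errors from visitors but keep them in the server log.
// (error_reporting(0) would hide them from the log as well.)
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

/**
 * Return the post id as a positive integer, or null when the parameter
 * is missing, is an array (id[]=35), or is not a plain integer (33[]).
 */
function parse_post_id(array $query): ?int
{
    if (!isset($query['id']) || !is_string($query['id'])) {
        return null;
    }
    $id = filter_var(
        $query['id'],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    return $id === false ? null : $id;
}

// Constructed inputs mirroring the URLs reported in the thread.
$samples = [
    'id=33'   => ['id' => '33'],
    'id=33[]' => ['id' => '33[]'],
    'id[]=35' => ['id' => ['35']],
    '(no id)' => [],
];

foreach ($samples as $label => $query) {
    $id = parse_post_id($query);
    if ($id === null) {
        // In the real page: send a 404 and stop before any query runs.
        echo "$label -> rejected\n";
        continue;
    }
    echo "$label -> id $id accepted\n";
}
```

In the page itself the function would be called with $_GET, and the result of the database query should also be checked before it is passed to a fetch call.
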
darkfreaks Posted July 9, 2008

Vulnerability description
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
This vulnerability affects Web Server.

The impact of this vulnerability
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability
Disable TRACE Method on the web server.

Apache Mod_SSL Log Function Format String Vulnerability

Vulnerability description
This alert was generated using only banner information. It may be a false positive.
A format string vulnerability has been found in mod_ssl versions older than 2.8.19. Successful exploitation of this issue will most likely allow an attacker to execute arbitrary code on the affected computer.
Affected mod_ssl versions (up to 2.8.18).
This vulnerability affects mod_ssl.

The impact of this vulnerability
Denial of service and/or possible arbitrary code execution.

Attack details
Current version is mod_ssl/2.2.8 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6 PHP/5.2.6

How to fix this vulnerability
Upgrade mod_ssl to the latest version.

darkfreaks Posted July 9, 2008

Vulnerability description
A possible sensitive file has been found. This file is not directly linked from the website. This check looks for known sensitive files like: password files, configuration files, log files, include files, statistics data, database dumps. Each of those files may help an attacker to learn more about his target.
This vulnerability affects /test.txt.

The impact of this vulnerability
This file may expose sensitive information that may help a malicious user to prepare more advanced attacks.

How to fix this vulnerability
Restrict access to this file or remove it from the website.

Vulnerability description
A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for known sensitive directories like: backup directories, database dumps, administration pages, temporary directories. Each of those directories may help an attacker to learn more about his target.
This vulnerability affects /cache.

The impact of this vulnerability
This directory may expose sensitive information that may help a malicious user to prepare more advanced attacks.

Also affects the following directories: /CSS, /Forums, /Blog

olie122333 Posted July 9, 2008

PHP error... ^^ who dunnit ??? lol

LooieENG Posted July 9, 2008

Fatal error: Cannot redeclare get_search_phrase() (previously declared in /home/haggiste/public_html/browser.php:100) in /home/haggiste/public_html/browser.php on line 8