Trackflix

[mrbuter]

http://www.trackflix.net

 

Go crazy.

 

here's a login:

 

testuser

password

 

 

It's really not that complex (as in if it works for me it probably works for everyone...and it works for me). nevertheless it doesn't hurt to have others test it.

 

I'd also appreciate feedback on the layout etc.

[Coreye]

Cross Site Scripting(XSS):

You can submit ">code into the fields on the tracking page.

 

Full Path Disclosure:

http://www.trackflix.net/index.php?list=yes&trackid=a

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/calvideo/public_html/netflix/index.php on line 283

 

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/calvideo/public_html/netflix/index.php on line 284

 

Full Path Disclosure:

http://www.trackflix.net/index.php?list=yes&trackid=999999

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 4 in /home/calvideo/public_html/netflix/index.php on line 283

 

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 4 in /home/calvideo/public_html/netflix/index.php on line 284

 

Full Path Disclosure:

http://www.trackflix.net/user.php?s=participation

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 7 in /home/calvideo/public_html/netflix/user.php on line 115

 

 

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 8 in /home/calvideo/public_html/netflix/user.php on line 115

 

 

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 9 in /home/calvideo/public_html/netflix/user.php on line 115

 

 

Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 10 in /home/calvideo/public_html/netflix/user.php on line 115

[mrbuter]

uhm how can you do the xss code on the tracking page? I'm pretty sure I made it remove all letters and most characters.

 

As for the full path discolure, best way to fix that would be to just change the or die(mysql_error()) to or die("some message"); right?

 

 

[mrbuter]

That's strange...the participation one isn't supposed to ever error out.

 

It searches the databases for the entries that the user has participated in and started. If there are 0 rows then it will say that there's nothing there (and it won't try to display anything so it shouldn't error out like that...)

 

Did you happen to do anything for that to happen?

[mrbuter]

okay I think it's because I cant get the site to strip back slashes (\).

 

How can I get it to do that lol. I've been using str_replace

 

ex:

 

$illegal = array("a", "b", "c",..., "<", ">", "/"...etc.)

$var = str_replace($illegal, "", $var);

 

but I cant include "\" in the array. At least I can't figure out how to do it. Ideas?

[Stephen]

stripslashes("string");

 

?

[mrbuter]

stripslashes isn't working

 

I do

 

$string = stripslashes($string);

 

but it's a no-go.

 

am i doing it wrong?

[mrbuter]

alright i think i fixed all those.

[john010117]

No you didn't (at least on the second page if it's a new movie).

 

"><script>alert("hi")</script>

[darkfreaks]

User credentials are sent in clear text

 

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

Password type input with autocomplete

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">