zymn Posted July 29, 2008 Share Posted July 29, 2008 http://irjaws.com/zymn/upload.php check out my uploader. it can upload any file (at the moment) expect it to look better in the future. Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/ Share on other sites More sharing options...
waynew Posted July 29, 2008 Share Posted July 29, 2008 LOL: STOMACH ACHE! FOOD NOT FOUND! -------------------------------------------------------------------------------- Lol,you tried to go to /zymn/uploads/uploads Lol, like, this aint here yo. -------------------------------------------------------------------------------- Oh yeah, I logged your IP address. I'm sending you to the FBI 86.43.86.205 Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/#findComment-602722 Share on other sites More sharing options...
waynew Posted July 29, 2008 Share Posted July 29, 2008 YAY WALRUS Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/#findComment-602723 Share on other sites More sharing options...
waynew Posted July 29, 2008 Share Posted July 29, 2008 http://irjaws.com/zymn/uploads//echo.php Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/#findComment-602742 Share on other sites More sharing options...
zymn Posted July 29, 2008 Author Share Posted July 29, 2008 umm... it was down for a while. and... you scare me. and, please help me with the coding here: http://www.phpfreaks.com/forums/index.php/topic,209188.0.html i dunno where to put it... Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/#findComment-602862 Share on other sites More sharing options...
Wolphie Posted July 29, 2008 Share Posted July 29, 2008 http://irjaws.com/zymn/uploads//phpinfo.php Lol, I'd seriously advise against allowing .php file extensions. Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/#findComment-603089 Share on other sites More sharing options...
darkfreaks Posted July 29, 2008 Share Posted July 29, 2008 its not that , allowing phpinfo files is a security risk Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/#findComment-603104 Share on other sites More sharing options...
zymn Posted July 29, 2008 Author Share Posted July 29, 2008 i know that. but... i need help with the code... why isn't anyone helping me? and, UPDATE! added an affiliate and email page. Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/#findComment-603137 Share on other sites More sharing options...
darkfreaks Posted July 29, 2008 Share Posted July 29, 2008 if you know that why isnt it being taken care of ??? Vulnerability description By this form input is possible to upload a file to the server. This vulnerability affects /zymn/upload.php. The impact of this vulnerability User may upload malicious files to server. How to fix this vulnerability Check if the script inputs are properly validated. Vulnerability description This file is listed in robots.txt but it's not linked anywhere in the site. This vulnerability affects /client. The impact of this vulnerability Possible sensitive information disclosure. How to fix this vulnerability In robots.txt you should include only files or directories linked on the site. Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/#findComment-603150 Share on other sites More sharing options...
2words4uready Posted August 17, 2008 Share Posted August 17, 2008 Your sites has been hacked. No i didn't do it. LOL PWNED!! */echo ' LOL PWNED!! ';?>*/echo ' LOL PWNED!! ';?>*/echo ' LOL PWNED!! ';?> Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/#findComment-618310 Share on other sites More sharing options...
darkfreaks Posted August 17, 2008 Share Posted August 17, 2008 HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server. The impact of this vulnerability Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data. How to fix this vulnerability Disable TRACE Method on the web server. Vulnerability description This file is listed in robots.txt but it's not linked anywhere in the site. This vulnerability affects /client. The impact of this vulnerability Possible sensitive information disclosure. How to fix this vulnerability In robots.txt you should include only files or directories linked on the site. GHDB: robots.txt file The description for this alert is contributed by the GHDB community, it may contain inappropriate language. Category : Files containing juicy info Webmasters wanting to exclude search engine robots from certain parts of their site often choose the use of a robot.txt file on the root of the server. This file basicly tells the bot which directories are supposed to be off-limits. An attacker can easily obtain that information by very simply opening that plain text file in his browser. Webmasters should *never* rely on this for real security issues. Google helps the attacker by allowing a search for the "disallow" keyword. This vulnerability affects /robots.txt. Attack details We found (inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt Link to comment https://forums.phpfreaks.com/topic/117084-high-ends-site-upload/#findComment-618326 Share on other sites More sharing options...
Recommended Posts