Jump to content

Recommended Posts

lol ya, links is my link checker for my main site krazypicks, I just am testing my script, because my website will handle money transactions. You can take a look at it, but there is not much there. http://www.krazypicks.com you can see a name at the footer saying it is copyrighted by James Little, if you look in my profile on here I think my name is in it. I also own www.lamezz.com and www.lamezz.info All the footers match!

 

lol I am not trying to get you guys to hack other peoples websites :P

 

Oh also, you can also do a WhoIs on the domain!

Link to comment
https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-620119
Share on other sites

lol I am not trying to get you guys to hack other peoples websites :P

 

Oh also, you can also do a WhoIs on the domain!

 

Great! Thanks for the clarification. I was definitely not making any accusations, but without more comment than "hack this", I just wanted to make sure.

 

Good luck!

Link to comment
https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-620156
Share on other sites

Image uploaded successfully.

Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: gd-jpeg: JPEG library reports unrecoverable error: in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 67

Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: 'user_img/f1b77376e6da9ea8126410f9331886e8-Guest.jpeg' is not a valid JPEG file in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 67

Warning: imagesx(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 68

Warning: imagesy(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 69

Warning: Division by zero in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 75

Warning: imagecreate() [function.imagecreate]: Invalid image dimensions in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 79

Warning: imagetruecolortopalette(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 80

Warning: imagecolorstotal(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 81

Warning: imagecopyresized(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 86

Warning: imagejpeg(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 87

Warning: imagedestroy(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 88

Warning: imagedestroy(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 89
Image shirnking successfully done.Guest.jpeg

 

Also, it says "wrong file type" for .jpg

Link to comment
https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621202
Share on other sites

HTTP TRACE method is enabled on this web server.

In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability

Disable TRACE Method on the web server.

 

File inputs accepted

By this form input is possible to upload a file to the server.

This vulnerability affects /up.php.

The impact of this vulnerability

User may upload malicious files to server.

 

 

How to fix this vulnerability

Check if the script inputs are properly validated

 

 

Link to comment
https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621203
Share on other sites

actually i do read stuff. there is a potential that the script could be vulnerable to upload attacks. if it does not contain a filter function like to check not only just to allow picture types but also to disallow malicious file types like .exe,.js,.asp, .php and so on.

Link to comment
https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621216
Share on other sites

Vulnerability description

Password type input named pass from form named form1 with action ../main/include/process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects /user/avatar_uploader.php, index.php,user/index.php,/user,support/index.php

The impact of this vulnerability

Possible sensitive information disclosure

 

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

 

Link to comment
https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621648
Share on other sites

Vulnerability description

Password type input named pass from form named form1 with action ../main/include/process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects /user/avatar_uploader.php, index.php,user/index.php,/user,support/index.php

The impact of this vulnerability

Possible sensitive information disclosure

 

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

Your scanner sucks. The autocomplete attribute does not exist in the specification or DTD.

 

http://www.w3.org/TR/html401/interact/forms.html#h-17.4

Link to comment
https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621763
Share on other sites

What are you talking about? What function? There is no function in that snippet. It's an invalid HTML attribute and it has nothing to do with Javascript whatsoever. The scanner sucks because it suggests people to use invalid markup. Furthermore, how is it immature to say that something sucks based on facts?

Link to comment
https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-622066
Share on other sites

Again, I would suggest you to read what you post:

 

Publication of this document by W3C indicates no endorsement of its content by W3C' date=' nor that W3C has, is, or will be allocating any resources to the issues addressed by it. This document is not the product of a chartered W3C group, but is published as [i']potential[/i] input to the W3C Process.
(my emphasis)

 

Furthermore, if you dump that snippet into the validator then you will see that it's regarded as an invalid attribute.

Link to comment
https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-622076
Share on other sites

the statment is retracted. ;)

 

 

anyway since i no doubted provided the wrong solution thanks to the scanner i am going to change it up to switch off in javascript rather than HTML since its non W3C compliant.

 

 

 

  
      <script type="text/javascript">
      function init() {
      if (!document.getElementById) return false;
      var f = document.getElementById('auto_off');
      var u = f.elements[0];
      f.setAttribute("autocomplete", "off");
      u.focus();
      }

      </script>
      <body onload='init()'>
      <form id="auto_off">

 

hopefully that will turn the function off rather than put it in html where it does not belong.

Link to comment
https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-622079
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.