Jump to content

Check the security of my upload system.

juke

By juke
in Beta Test Your Stuff!

 Share

Recommended Posts

  • 2 weeks later...
darkfreaks Advanced Member

darkfreaks

Posted
Posted

Vulnerability description

By this form input is possible to upload a file to the server.

This vulnerability affects /.

The impact of this vulnerability

User may upload malicious files to server.

How to fix: make sure your script input is properly validated.

 

Trace Method Enabled

How to Fix: mod_rewrite, switch off trace method on server config.

 

 

 

 

 

  • 2 weeks later...
Coreye Member

Coreye

Posted
Posted

Full Path Disclosure:

http://fwup.net/mint/pepper/orderedlist/downloads/class.php

Fatal error: Class 'Pepper' not found in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/class.php on line 19

 

Full Path Disclosure:

http://fwup.net/mint/pepper/orderedlist/downloads/download.php?file[]

Warning: parse_url() expects parameter 1 to be string, array given in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php on line 21

 

Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php:21) in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/app/paths/record/index.php on line 16

 

Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php:21) in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/app/paths/record/index.php on line 17

 

Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php:21) in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/app/paths/record/index.php on line 18

 

Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php:21) in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/app/paths/record/index.php on line 19

 

Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php:21) in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/app/paths/record/index.php on line 20

 

Warning: htmlentities() expects parameter 1 to be string, array given in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/shauninman/default/class.php on line 312

 

Warning: pathinfo() expects parameter 1 to be string, array given in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/class.php on line 111

 

Full Path Disclosure:

http://fwup.net/mint/pepper/tillkruess/downloads/modules/http/tracker.php

Notice: Undefined index: TK_Downloads in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/http/tracker.php on line 173

 

Notice: Undefined index: in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/http/tracker.php on line 174

 

Notice: Undefined index: url in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/http/tracker.php on line 179

 

Full Path Disclosure:

http://fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php

Incorrect TK_PATH! Could not find phpBB3's config file at /kunden/115126_24116/webseiten/trucksims/config.php

The absolut path to this file is /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3

 

Full Path Disclosure:

http://fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/tracker.php

Warning: require() [function.require]: Unable to access /kunden/115126_24116/webseiten/trucksims/config.php in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php on line 27

 

Warning: require(/kunden/115126_24116/webseiten/trucksims/config.php) [function.require]: failed to open stream: No such file or directory in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php on line 27

 

Warning: require() [function.require]: Unable to access /kunden/115126_24116/webseiten/trucksims/config.php in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php on line 27

 

Warning: require(/kunden/115126_24116/webseiten/trucksims/config.php) [function.require]: failed to open stream: No such file or directory in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php on line 27

 

Fatal error: require() [function.require]: Failed opening required '/kunden/115126_24116/webseiten/trucksims/config.php' (include_path='.:/usr/local/lib/php/') in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php on line 27

 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.