juke (Posted September 3, 2008):
Hello, I recently made an uploader called http://fwup.net/ and I'm concerned for its security. If anyone can find any holes or exploits, try not to do anything too dangerous! Thanks!

juke (Posted September 15, 2008):
'ello?

dezkit (Posted September 15, 2008):
I like the simple layout, but you should put the content in the middle of the screen, instead of the top. Everything else is fine.

benphp (Posted September 21, 2008):
Looks good to me.

juke (Posted September 23, 2008):
Thanks.

darkfreaks (Posted September 23, 2008):
Vulnerability description: By this form input it is possible to upload a file to the server. This vulnerability affects /.
The impact of this vulnerability: User may upload malicious files to the server.
How to fix: Make sure your script input is properly validated.

Trace Method Enabled
How to fix: mod_rewrite, switch off the trace method in the server config.

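Editor's added example, not part of any post in this thread and not the site's own code: one way an upload script can validate what it accepts, as the post above recommends. The form field name `file`, the storage directory, the size limit and the type allow-list are all assumptions.

```php
<?php
// Added example: hypothetical upload handler; names, limits and paths are assumptions.

const UPLOAD_DIR = '/var/www-data/uploads';   // assumed: a directory outside the document root
const MAX_BYTES  = 10 * 1024 * 1024;          // assumed size limit (10 MiB)
const ALLOWED    = [                          // assumed allow-list: MIME type => stored extension
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
    'application/zip' => 'zip',
];

/** Validate one $_FILES entry and store it; returns the stored name, or null if rejected. */
function store_upload(array $f): ?string
{
    // Reject multi-file arrays, upload errors, and anything PHP did not receive via HTTP POST.
    if (!isset($f['error'], $f['tmp_name'], $f['size'])
        || is_array($f['error'])
        || $f['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($f['tmp_name'])) {
        return null;
    }
    if ($f['size'] <= 0 || $f['size'] > MAX_BYTES) {
        return null;
    }
    // Decide the type from the file content, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        return null;
    }
    // Server-generated name: the client's filename never reaches the filesystem,
    // so a name ending in .php or containing ../ has no effect.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($f['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        return null;
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $stored = isset($_FILES['file']) ? store_upload($_FILES['file']) : null;
    http_response_code($stored === null ? 400 : 201);
    echo $stored ?? 'Upload rejected';
}
```

Files stored this way are served back through a download script that sets its own Content-Type, so the web server never interprets an uploaded file as code.
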
Coreye (Posted October 7, 2008):

Full Path Disclosure:
http://fwup.net/mint/pepper/orderedlist/downloads/class.php

Fatal error: Class 'Pepper' not found in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/class.php on line 19

Full Path Disclosure:
http://fwup.net/mint/pepper/orderedlist/downloads/download.php?file[]

Warning: parse_url() expects parameter 1 to be string, array given in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php on line 21
Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php:21) in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/app/paths/record/index.php on line 16
Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php:21) in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/app/paths/record/index.php on line 17
Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php:21) in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/app/paths/record/index.php on line 18
Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php:21) in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/app/paths/record/index.php on line 19
Warning: Cannot modify header information - headers already sent by (output started at /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/download.php:21) in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/app/paths/record/index.php on line 20
Warning: htmlentities() expects parameter 1 to be string, array given in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/shauninman/default/class.php on line 312
Warning: pathinfo() expects parameter 1 to be string, array given in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/orderedlist/downloads/class.php on line 111

Full Path Disclosure:
http://fwup.net/mint/pepper/tillkruess/downloads/modules/http/tracker.php

Notice: Undefined index: TK_Downloads in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/http/tracker.php on line 173
Notice: Undefined index: in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/http/tracker.php on line 174
Notice: Undefined index: url in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/http/tracker.php on line 179

Full Path Disclosure:
http://fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php

Incorrect TK_PATH!
Could not find phpBB3's config file at /kunden/115126_24116/webseiten/trucksims/config.php
The absolut path to this file is /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3

Full Path Disclosure:
http://fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/tracker.php

Warning: require() [function.require]: Unable to access /kunden/115126_24116/webseiten/trucksims/config.php in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php on line 27
Warning: require(/kunden/115126_24116/webseiten/trucksims/config.php) [function.require]: failed to open stream: No such file or directory in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php on line 27
Warning: require() [function.require]: Unable to access /kunden/115126_24116/webseiten/trucksims/config.php in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php on line 27
Warning: require(/kunden/115126_24116/webseiten/trucksims/config.php) [function.require]: failed to open stream: No such file or directory in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php on line 27
Fatal error: require() [function.require]: Failed opening required '/kunden/115126_24116/webseiten/trucksims/config.php' (include_path='.:/usr/local/lib/php/') in /mounted-storage/home84c/sub006/sc45819-MYTR/fwup.net/mint/pepper/tillkruess/downloads/modules/phpbb3/config.php on line 27

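Editor's added example, not part of Coreye's post and not Mint's or the site's own code: the two causes visible in the output above are errors rendered to the client and an array (`?file[]`) reaching functions that expect a string. The sketch below closes both for a download.php-style script; the function names and the `APP_ENTRY` constant are hypothetical.

```php
<?php
// Added example: hypothetical hardened front of a download.php-style script.

// 1. Never render errors to the client; keep them in the server-side log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

/**
 * Return the query parameter only if it is a non-empty string.
 * A request such as ?file[] makes PHP build an array, which is what
 * triggered the parse_url() warning and exposed the absolute path.
 */
function string_param(array $query, string $name): ?string
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $value = trim($query[$name]);
    return $value === '' ? null : $value;
}

/** Send a generic error that carries no filesystem detail, then stop. */
function fail(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    echo $message;
    exit;
}

// 2. Include-only files (class.php, config.php and similar) should refuse
//    direct requests. APP_ENTRY is a hypothetical constant that the real
//    entry point would define before including them:
//    if (!defined('APP_ENTRY')) { fail(404, 'Not found'); }

$file = string_param($_GET, 'file');
if ($file === null) {
    fail(400, 'Bad request');
}

$parts = parse_url($file);   // now guaranteed to receive a string
if ($parts === false || empty($parts['path'])) {
    fail(400, 'Bad request');
}
```

On shared hosting where php.ini is not editable, the same `display_errors` and `log_errors` settings can usually be applied per directory, and third-party plugin folders that are never meant to be requested directly can be denied at the web server.
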
darkfreaks (Posted October 12, 2008):
XSS Me says you're good.

darkfreaks (Posted October 13, 2008):
SQL injection passed.