thewooleymammoth Posted October 6, 2008 Share Posted October 6, 2008 www.fatalinjury.org I would like to know if there is any holes you guys can find please, particularly in www.fatalinjury.org/list.php thanks Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/ Share on other sites More sharing options...
waynew Posted October 6, 2008 Share Posted October 6, 2008 OH LAWD. All I'm getting is a link to error.jpg lern2<img> Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-657987 Share on other sites More sharing options...
nrg_alpha Posted October 6, 2008 Share Posted October 6, 2008 www.fatalinjury.org I would like to know if there is any holes you guys can find please, particularly in www.fatalinjury.org/list.php thanks Something tells me this should be in the 'Beta Test Your Stuff! ' forum. You would get a lot more valuable feedback there. Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-658160 Share on other sites More sharing options...
thewooleymammoth Posted October 6, 2008 Author Share Posted October 6, 2008 www.fatalinjury.org I would like to know if there is any holes you guys can find please, particularly in www.fatalinjury.org/list.php thanks Something tells me this should be in the 'Beta Test Your Stuff! ' forum. You would get a lot more valuable feedback there. well because this page lists all the things in a directory, i was hoping you could test to see if you could see any of the directories or files i wouldn't necessarily want you too see (i dont really know what files i dont want you to be able to see). for example www.fatalinjury.org/list.php?dir=pics lists all the files found in the /pic directory, sorry for not making it clear enough, also i just added a user login system and it would be great if someone who knew how could test that for security for me Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-658259 Share on other sites More sharing options...
nrg_alpha Posted October 6, 2008 Share Posted October 6, 2008 Well, again, I would recommend posting in the 'Beta Test Your Stuff!' forum. There is more to security than trying to find folders that you don't people to see. Those guys will perform much more detailed tests (checking the server for certain variables and whatnot. The amount of stuff found can be quite an eye opener from what I have read. I unfortunately cannot help you with regards to checking for any holes.. Cheers, NRG Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-658534 Share on other sites More sharing options...
thewooleymammoth Posted October 7, 2008 Author Share Posted October 7, 2008 Well, again, I would recommend posting in the 'Beta Test Your Stuff!' forum. There is more to security than trying to find folders that you don't people to see. Those guys will perform much more detailed tests (checking the server for certain variables and whatnot. The amount of stuff found can be quite an eye opener from what I have read. I unfortunately cannot help you with regards to checking for any holes.. Cheers, NRG alright thanks Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-658737 Share on other sites More sharing options...
Coreye Posted October 7, 2008 Share Posted October 7, 2008 Full Path Disclosure: http://www.fatalinjury.org/list.php?dir=a Warning: scandir(a/) [function.scandir]: failed to open dir: No such file or directory in /homepages/8/d218498496/htdocs/imagesite/list.php on line 11 Warning: scandir() [function.scandir]: (errno 2): No such file or directory in /homepages/8/d218498496/htdocs/imagesite/list.php on line 11 Warning: natcasesort() [function.natcasesort]: The argument should be an array in /homepages/8/d218498496/htdocs/imagesite/list.php on line 12 Warning: Invalid argument supplied for foreach() in /homepages/8/d218498496/htdocs/imagesite/menu.php on line 3 Warning: array_values() [function.array-values]: The argument should be an array in /homepages/8/d218498496/htdocs/imagesite/menu.php on line 8 Warning: Invalid argument supplied for foreach() in /homepages/8/d218498496/htdocs/imagesite/menu.php on line 3 Warning: array_values() [function.array-values]: The argument should be an array in /homepages/8/d218498496/htdocs/imagesite/menu.php on line 8 Warning: Invalid argument supplied for foreach() in /homepages/8/d218498496/htdocs/imagesite/menu.php on line 3 Warning: array_values() [function.array-values]: The argument should be an array in /homepages/8/d218498496/htdocs/imagesite/menu.php on line 8 Warning: Invalid argument supplied for foreach() in /homepages/8/d218498496/htdocs/imagesite/list.php on line 33 Full Path Disclosure: http://www.fatalinjury.org/display.php?num=a&dir=a Warning: scandir(a/) [function.scandir]: failed to open dir: No such file or directory in /homepages/8/d218498496/htdocs/imagesite/display.php on line 55 Warning: scandir() [function.scandir]: (errno 2): No such file or directory in /homepages/8/d218498496/htdocs/imagesite/display.php on line 55 Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-659253 Share on other sites More sharing options...
thewooleymammoth Posted October 8, 2008 Author Share Posted October 8, 2008 tahnks, ive been searching for a way to stop the warning messages but i cant find one, if you know of any tutorials i could use them. Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-660250 Share on other sites More sharing options...
xtopolis Posted October 10, 2008 Share Posted October 10, 2008 php.ini display_errors "off" or something similar I think. Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-661636 Share on other sites More sharing options...
nrg_alpha Posted October 10, 2008 Share Posted October 10, 2008 Can you not simply use this line in your code? : ini_set('display_errors', 'Off'); Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-661654 Share on other sites More sharing options...
thewooleymammoth Posted October 10, 2008 Author Share Posted October 10, 2008 Can you not simply use this line in your code? : ini_set('display_errors', 'Off'); sweet thanks Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-661753 Share on other sites More sharing options...
GraphiX Posted October 10, 2008 Share Posted October 10, 2008 On list.php 'SQL-Inject-Me' fond lots of errors on a few fields... http://k47design.com/list_results.html Link to comment https://forums.phpfreaks.com/topic/127187-site-security-test/#findComment-662039 Share on other sites More sharing options...
Recommended Posts