tommyda Posted January 7, 2009

Could anyone help me with finding security risks with this script? http://websiteconstructionteam.com/phptesting/mobile-social-networking

Any help would be much appreciated. Thanks

darkfreaks Posted January 7, 2009

Refer to this thread: http://www.phpfreaks.com/forums/index.php/topic,232470.0.html

tommyda Posted January 7, 2009

http://websiteconstructionteam.com/phptesting/mobile-social-networking/phpfreaks.php proof it's my site

darkfreaks Posted January 7, 2009

Login and register are secure. You got a test login we could use?

Coreye Posted January 7, 2009

Cross Site Scripting (XSS): You can submit ">code when you register and it will execute after you log in.

Cross Site Scripting (XSS): http://websiteconstructionteam.com/phptesting/mobile-social-networking/profile.php?user="><marquee><h1>test

Full Path Disclosure: http://websiteconstructionteam.com/phptesting/mobile-social-networking/newblog.php
Warning: Cannot modify header information - headers already sent by (output started at /home/website/public_html/phptesting/mobile-social-networking/newblog.php:13) in /home/website/public_html/phptesting/mobile-social-networking/newblog.php on line 58

Full Path Disclosure: http://websiteconstructionteam.com/phptesting/mobile-social-networking/newmsg.php?to=
Warning: Cannot modify header information - headers already sent by (output started at /home/website/public_html/phptesting/mobile-social-networking/config.php:2) in /home/website/public_html/phptesting/mobile-social-networking/newmsg.php on line 37

Full Path Disclosure: http://websiteconstructionteam.com/phptesting/mobile-social-networking/inbox.php
Warning: Cannot modify header information - headers already sent by (output started at /home/website/public_html/phptesting/mobile-social-networking/config.php:2) in /home/website/public_html/phptesting/mobile-social-networking/inbox.php on line 41
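
A defensive sketch for the two kinds of finding reported above (XSS through unescaped output, and path disclosure through displayed warnings), added here as an example and not code from the site or from any poster. The helper names and the username rule are assumptions; the sample inputs are constructed.

```php
<?php
// Added example. Function names and the username rule are assumptions.

// Log warnings instead of rendering them into the page, so messages such as
// "headers already sent ... in /home/..." stay on the server.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Escape for HTML text and quoted attribute values (covers " ' < > &).
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed rule: usernames are 3-20 letters, digits or underscores.
function valid_username(string $name): bool {
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1;
}

// Build the profile heading and link from the untrusted ?user= value.
function render_profile(string $user): string {
    if (!valid_username($user)) {
        return '<p>Unknown user.</p>';
    }
    $href = 'profile.php?user=' . rawurlencode($user);
    return '<h1>' . e($user) . '</h1><a href="' . e($href) . '">Profile</a>';
}

// Redirect only while headers can still be sent; otherwise log where the
// early output started instead of letting PHP emit a warning with paths.
function redirect(string $location): bool {
    if (headers_sent($file, $line)) {
        error_log("redirect skipped: output already started at $file:$line");
        return false;
    }
    header('Location: ' . $location);
    return true;
}

// Constructed inputs: the value from the report above, and a normal name.
foreach (['"><marquee><h1>test', 'tommyda'] as $input) {
    echo render_profile($input), "\n";
    // Stored values (e.g. registration fields) are escaped at output time too.
    echo 'Stored value shown as: ', e($input), "\n";
}
// Called after output: if headers are already gone, this logs, not warns.
redirect('login.php');
```

The guard in `redirect()` only hides the symptom; the underlying fix for the warnings is to make sure nothing is output before `header()` runs, including stray whitespace outside the PHP tags of an included file.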