Twister1004 Posted January 28, 2009

Hello everyone, it's Twister. I am here to ask anyone and everyone to test my website here, http://twistablepie.servegame.com/cype . You are welcome to register as many accounts as you see fit. There is a max limit, so beware of that. I am authorized to test any SQL injections or any security issues, for that matter. I am also a developer within this website. If anyone finds an error, please report it to me! Thank you.

P.S. Validation is within the scrolling header at the top.

-Twister
Rushyo Posted January 28, 2009

"http://twistablepie.servegame.com/cype/?cype=main&page=ranking&order=name" allows me to check existence of field names for that table. There seem to be quite a few holes in GET data filtering.
Twister1004 (Author) Posted January 29, 2009

Ok, what do you mean? What part in the "GET" data?
Coreye Posted January 29, 2009

Is the forum down on purpose or are you going to use third party software for it?
Coreye Posted January 29, 2009

Cross Site Scripting (XSS): You can submit ">code in the username when registering and it executes after you login.

Full Path Disclosure: http://twistablepie.servegame.com/cype/?cype=main&page=ranking&order=&job[]
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 30

Full Path Disclosure: http://twistablepie.servegame.com/cype/sources/public/ranking.php
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 30
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 30
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 36
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 36
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 50
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 50
Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 56
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 56
Access denied for user 'ODBC'@'localhost' (using password: NO)

Full Path Disclosure: http://twistablepie.servegame.com/cype/sources/public/news.php
Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\news.php on line 148
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\news.php on line 148
Access denied for user 'ODBC'@'localhost' (using password: NO)

Full Path Disclosure: http://twistablepie.servegame.com/cype/sources/public/events.php
Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\events.php on line 158
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\events.php on line 158
Access denied for user 'ODBC'@'localhost' (using password: NO)

Full Path Disclosure: When you press submit on http://twistablepie.servegame.com/cype/sources/public/register.php
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 172
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 172
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 173
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 173
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 174
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 174
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 175
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 175
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 176
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 176
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 177
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 177
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 179
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 179
Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 182
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 182
Access denied for user 'ODBC'@'localhost' (using password: NO)

Full Path Disclosure: When you press submit on http://twistablepie.servegame.com/cype/sources/public/login.php
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 70
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 70
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 71
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 71
Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 72
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 72
Access denied for user 'ODBC'@'localhost' (using password: NO)

Full Path Disclosure: http://twistablepie.servegame.com/cype/sources/public/members.php
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\members.php on line 21
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\members.php on line 21
Fatal error: Call to undefined function getid() in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\members.php on line 22

Full Path Disclosure: http://twistablepie.servegame.com/cype/?cype=main&page=members&name[]
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\members.php on line 21

Full Path Disclosure: http://twistablepie.servegame.com/cype/?cype=main&page=news&id[]
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\news.php on line 44

Full Path Disclosure: http://twistablepie.servegame.com/cype/sources/public/banned.php
Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\banned.php on line 21
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\banned.php on line 21
Access denied for user 'ODBC'@'localhost' (using password: NO)
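The findings in Coreye's post fall into three classes: a GET parameter sent as an array (`&job[]`, `&name[]`, `&id[]`) reaching mysql_real_escape_string() and triggering a warning, PHP warnings being rendered into the page and so revealing the server's file system path, and a username stored as typed and printed unencoded after login. The PHP below is an added illustration of how each class is closed; it is not code from the Cype site, and the function names cype_get_string() and cype_html(), the ini settings chosen and the sample values are assumptions made for the example.

```php
<?php
// Added example for this thread, not the Cype site's own code. Function names
// and the constructed sample values below are assumptions.

// Full Path Disclosure: every PHP warning carries a file path and line number.
// In production, send warnings to the error log instead of into the HTML.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// "?order=&job[]" made the parameter an array, so mysql_real_escape_string()
// warned (and leaked the path). Accept only scalar strings; anything else is
// replaced by the default before it gets anywhere near the database layer.
function cype_get_string(array $source, $key, $default = '')
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return $default;
    }
    return $source[$key];
}

// Stored XSS: the username is saved as typed and echoed raw after login.
// Encode at the point of output, in the page's charset, so characters such
// as " and > become entities the browser will only display, never parse.
function cype_html($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs standing in for the hostile request and account above;
// using a local array instead of $_GET lets this run from the command line.
$query = array('job' => array('warrior'), 'order' => 'name');
$job   = cype_get_string($query, 'job');    // default '' rather than a warning
$order = cype_get_string($query, 'order');  // 'name'

$username = '"><em>injected</em>';          // constructed hostile username
echo 'Welcome back, ' . cype_html($username) . "\n";
```

The escaping belongs at output time rather than at registration: a value that was "cleaned" once for HTML is wrong in every other context (a query, a JSON response, an e-mail), and a later code path that stores the name by another route would bypass it anyway. Keeping display_errors off is what stops the path disclosure; the is_string() check stops the warning from being raised in the first place.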
Twister1004 (Author) Posted January 29, 2009

Ok, so what is your suggestion for fixing that? Is there some type of function to prevent that?
RichardRotterdam Posted January 31, 2009

I see you run Apache and PHP. You could disallow direct access for the files that give errors when requested directly. As for the GET params: in your PHP, only access certain values.
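RichardRotterdam's two suggestions, worked out in PHP as an added example for this thread (not the Cype site's own code). The IN_CYPE constant, the front-controller layout and the column names in the whitelist are assumptions; the page names are the ones visible in the URLs earlier in the thread. The same whitelist also addresses Rushyo's first post, since the order parameter can no longer name an arbitrary column. Both parts are shown in one file so it runs stand-alone; the comments say where each part lives in a real layout.

```php
<?php
// Added example, not the Cype site's code. IN_CYPE, the file layout and the
// column names are assumptions; page names come from the URLs in the thread.

// --- Part 1: the entry point (e.g. cype/index.php) -------------------------
// The front controller is the only file meant to be requested directly. It
// marks itself as a legitimate entry point, then includes one page chosen
// from a fixed list; any other ?page= value falls back to 'main'.
define('IN_CYPE', true);

$allowed_pages = array('main', 'ranking', 'members', 'news', 'events');
$page = (isset($_GET['page']) && in_array($_GET['page'], $allowed_pages, true))
      ? $_GET['page']
      : 'main';
// In the real layout the next line would be:
//   require __DIR__ . '/sources/public/' . $page . '.php';

// --- Part 2: first lines of every included file (e.g. sources/public/ranking.php)
// Requested directly, IN_CYPE is undefined, so execution stops before any
// database call: no warning, no path, no "Access denied for user 'ODBC'".
if (!defined('IN_CYPE')) {
    header('HTTP/1.0 403 Forbidden');
    exit('Direct access is not permitted.');
}

// "Only access certain values": translate the GET parameter into one of a
// fixed set of sortable columns instead of pasting it into ORDER BY. Unknown
// keys and non-strings fall back to the default, so ?order=<anything> can
// no longer be used to probe which columns exist.
function cype_order_column($requested)
{
    $sortable = array(
        'name'  => 'username',   // assumed column names
        'level' => 'level',
        'job'   => 'job',
    );
    if (!is_string($requested) || !isset($sortable[$requested])) {
        return $sortable['name'];
    }
    return $sortable[$requested];
}

$order = cype_order_column(isset($_GET['order']) ? $_GET['order'] : null);
$sql   = "SELECT username, level, job FROM players ORDER BY `$order` ASC";
echo $sql, "\n";
```

The constant guard is the portable form of "disallow direct access" because it works wherever PHP runs. On Apache 2.2, which XAMPP of that era shipped, the same effect at the web server level is a .htaccess file in sources/ containing `Deny from all`: the files can then not be fetched by URL at all, while require/include still reads them from disk. Doing both is reasonable, since the PHP guard also protects the site if it is ever moved to a server that ignores .htaccess.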
Twister1004 (Author) Posted February 1, 2009

> I see you run Apache and PHP. You could disallow direct access for the files that give errors when requested directly. As for the GET params: in your PHP, only access certain values.

You kinda lost me. Note: I'm not the best in PHP. So how would I do that?