
Hello everyone,

 

   It's Twister. I am here to ask anyone and everyone to test my website here, http://twistablepie.servegame.com/cype . You are welcome to register as many accounts as you see fit for your needs. There is a max limit, so beware of that.

 

I am authorized to test any SQL injections or any security issues, for that matter. I am also a developer within this website.

 

If anyone finds an error, please report it to me!

 

Thank you.

 

P.S. Validation is within the scrolling header at the top.

 

-Twister


Cross Site Scripting (XSS):

You can submit ">code in the username when registering and it executes after you login.

 

Full Path Disclosure:

http://twistablepie.servegame.com/cype/?cype=main&page=ranking&order=&job[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 30

 

Full Path Disclosure:

http://twistablepie.servegame.com/cype/sources/public/ranking.php

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 30

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 30

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 36

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 36

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 50

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 50

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 56

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\ranking.php on line 56

Access denied for user 'ODBC'@'localhost' (using password: NO)

 

Full Path Disclosure:

http://twistablepie.servegame.com/cype/sources/public/news.php

Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\news.php on line 148

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\news.php on line 148

Access denied for user 'ODBC'@'localhost' (using password: NO)

 

Full Path Disclosure:

http://twistablepie.servegame.com/cype/sources/public/events.php

Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\events.php on line 158

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\events.php on line 158

Access denied for user 'ODBC'@'localhost' (using password: NO)

 

Full Path Disclosure:

When you press submit on http://twistablepie.servegame.com/cype/sources/public/register.php

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 172

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 172

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 173

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 173

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 174

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 174

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 175

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 175

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 176

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 176

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 177

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 177

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 179

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 179

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 182

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\register.php on line 182

Access denied for user 'ODBC'@'localhost' (using password: NO)

 

Full Path Disclosure:

When you press submit on http://twistablepie.servegame.com/cype/sources/public/login.php

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 70

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 70

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 71

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 71

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 72

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\login.php on line 72

Access denied for user 'ODBC'@'localhost' (using password: NO)

 

Full Path Disclosure:

http://twistablepie.servegame.com/cype/sources/public/members.php

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\members.php on line 21

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\members.php on line 21

 

Fatal error: Call to undefined function getid() in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\members.php on line 22

 

Full Path Disclosure:

http://twistablepie.servegame.com/cype/?cype=main&page=members&name[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\members.php on line 21

 

Full Path Disclosure:

http://twistablepie.servegame.com/cype/?cype=main&page=news&id[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\news.php on line 44

 

Full Path Disclosure:

http://twistablepie.servegame.com/cype/sources/public/banned.php

Warning: mysql_query() [function.mysql-query]: Access denied for user 'ODBC'@'localhost' (using password: NO) in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\banned.php on line 21

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\Documents and Settings\Compaq_Owner\Desktop\Server Files\xampp\htdocs\Cype\sources\public\banned.php on line 21

Access denied for user 'ODBC'@'localhost' (using password: NO)

I see you run apache and php.

 

You could disallow direct access for the files that give errors when requested directly.

As for the GET params: in your PHP, only access certain values.

 

You kinda lost me. Note: I'm not the best in PHP. So how would I do that?
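One way to do what the reply above suggests, as an added example that is not part of the thread or the site's own code: an entry-point guard against direct requests, string-only and allowlisted GET parameters, and output escaping for the username. `CYPE_ENTRY`, the helper names and the default page `news` are assumptions; the page names come from the URLs in the report.

```php
<?php
// Added example, not the site's code. CYPE_ENTRY, the helper names and the
// default page are hypothetical; page names are taken from the reported URLs.
// Log warnings instead of printing them (and the server path) to visitors.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Entry-point marker. Each file under sources/public/ would begin with:
//   if (!defined('CYPE_ENTRY')) { header('HTTP/1.0 404 Not Found'); exit; }
define('CYPE_ENTRY', true);

// Return a parameter only when it is a plain string. job[], name[] and id[]
// arrive as arrays and fall back to the default instead of reaching MySQL.
function get_string($query, $key, $default = '')
{
    return (isset($query[$key]) && is_string($query[$key])) ? $query[$key] : $default;
}

// Map ?page= onto a fixed allowlist; anything else gets the default page.
function resolve_page($query)
{
    $allowed = array('ranking', 'news', 'events', 'register', 'login', 'members', 'banned');
    $page = get_string($query, 'page', 'news');
    return in_array($page, $allowed, true) ? $page : 'news';
}

// Numeric ids: 1 to 9 digits only, otherwise null.
function get_id($query, $key)
{
    $raw = get_string($query, $key);
    return (ctype_digit($raw) && strlen($raw) <= 9) ? (int) $raw : null;
}

// Escape user-controlled text such as the username when printing it.
function e($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample queries modelled on the URLs in the report.
$samples = array(
    array('cype' => 'main', 'page' => 'ranking', 'order' => '', 'job' => array('')),
    array('cype' => 'main', 'page' => 'news', 'id' => array('')),
    array('cype' => 'main', 'page' => 'no-such-page', 'id' => '12'),
);
foreach ($samples as $q) {
    echo resolve_page($q), ' id=', var_export(get_id($q, 'id'), true), "\n";
}
echo e('">code'), "\n";
```

Setting `display_errors = Off` in php.ini is more reliable than `ini_set()`, because it also covers errors raised before the script starts running.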
