Xbox Live Gamer Tag Lookup System

[Appzmaster]

I had a small little project I was working on and decided I wanted to make it public if anyone could just bang away at it for a little that would be great. The idea is simple you enter a gamer tag and it gives you their info or tells you if that tag exists. Note the info is usually about 60 seconds delayed as I cache the data not to abuse the API server.

 

http://xbltwitter.com/

[Appzmaster]

LOL I know it looks like shit but it is just something a threw together in a few hours to see if it is something interesting for people. i just hope it is not full of holes -.- lol

[darkfreaks]

XSS(cross site scripting):(1) failure

 

also please link us to a document on your site saying you own it according to forum rules.

 

[darkfreaks]

will harden your app against MYSQL /XSS injection/ remote directory/file inclusion / remote page inclusion/CSRF/session fixation

 

 

 

[Appzmaster]

A document? like me typing I own this? lol I figured with how crude the layout and coding is it would be obvious. I don't know what document would show that I own it.

[darkfreaks]

make a html page that just says i am [email protected]

[Appzmaster]

OHHHH thats easy here: http://xbltwitter.com/phpfreakstesting.html

[darkfreaks]

uhm your server firewall blocked me for port scanning anyway to unblock the IP

[Appzmaster]

sure just shoot me a PM or what ever with your IP I have really strict firewall rules also strict mod_sec rules that will block in the firewall also.

[Appzmaster]

I finally started laying it out a little nicer also I will be adding a top games played based on the searches this weekend I hope

[Coreye]

Full Path Disclosure:

When you submit ' you get this:

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:20: parser error : AttValue: " or ' expected in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: <span><H1>Server Error in '/' Application.<hr width=100% size=1 colo in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:20: parser error : attributes construct error in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: <span><H1>Server Error in '/' Application.<hr width=100% size=1 colo in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:20: parser error : Couldn't find end of Start Tag hr line 20 in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: <span><H1>Server Error in '/' Application.<hr width=100% size=1 colo in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:31: parser error : AttValue: " or ' expected in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: <table width=100% bgcolor="#ffffcc"> in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:31: parser error : attributes construct error in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: <table width=100% bgcolor="#ffffcc"> in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:31: parser error : Couldn't find end of Start Tag table line 31 in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: <table width=100% bgcolor="#ffffcc"> in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:46: parser error : Opening and ending tag mismatch: br line 29 and table in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: </table> in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:52: parser error : AttValue: " or ' expected in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: <table width=100% bgcolor="#ffffcc"> in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:52: parser error : attributes construct error in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: <table width=100% bgcolor="#ffffcc"> in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:52: parser error : Couldn't find end of Start Tag table line 52 in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: <table width=100% bgcolor="#ffffcc"> in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:67: parser error : Opening and ending tag mismatch: br line 50 and table in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: </table> in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:71: parser error : Opening and ending tag mismatch: br line 69 and body in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: </body> in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:72: parser error : Opening and ending tag mismatch: br line 50 and html in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: </html> in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:73: parser error : Premature end of data in tag br line 48 in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:73: parser error : Premature end of data in tag br line 29 in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:73: parser error : Premature end of data in tag br line 27 in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:73: parser error : Premature end of data in tag br line 27 in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:73: parser error : Premature end of data in tag font line 24 in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:73: parser error : Premature end of data in tag body line 18 in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: /home/twitter/public_html/cache/\'.xml:73: parser error : Premature end of data in tag html line 1 in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: in /home/twitter/public_html/index.php on line 300

 

Warning: simplexml_load_file() [function.simplexml-load-file]: ^ in /home/twitter/public_html/index.php on line 300

 

Full Path Disclosure:

When you submit single letters or strings, you get this:

Warning: Invalid argument supplied for foreach() in /home/twitter/public_html/index.php on line 358

[darkfreaks]

how are you using the simplxml:load function??

Example:

<?php
if (file_exists('test.xml')) {
    $xml = simplexml_load_file('test.xml');

    print_r($xml);
} else {
    exit('Failed to open test.xml.');
}?>

[darkfreaks]

then you an do soething like

 

<?php
foreach($xml as $SimpleXML)

{ // code 
}?>

[Appzmaster]

I usually have error reporting off on that script but I was testing things also that is how I am using the simplxml:load function.

[darkfreaks]

well you might want to turn it on and fix those errors

[Appzmaster]

Well they are just bad formatted XML files as the file name was weird my content server displays info from my API server the API server returns results and my content server stores the results as XML so I can cache  the info and not whack the hell out of my API server lol. Once a weird name is sent it scrambles my XML hence the XML error. To me thats not that big of a deal as if I have error reporting off no one will see the errors.

[darkfreaks]

thats aload of crap everytime someone enters a  quote it will display an error fix it.

[Appzmaster]

Well then if you know how tell me cause I don't when the API server gets a bad name it just displays a HTML page saying ERROR which has no XML hence the error when you give it a bad name I just go to the php.ini and disable display errors that stops the messages.

[Appzmaster]

I shut off display_errors in php.ini that should keep the script quiet

[darkfreaks]

can you unblock my ip again. i think its pretty much secure

[ikmyer]

mind if i ask where your pulling the data from ?