mattal999 Posted September 17, 2009

Ok guys. First off, http://beta.imuzic.co.uk/phpfreaks.txt (I'm going to remove this in 24 hours - I don't like unused text files in my directory). Right. I have been working on this b-e-a-utiful website, iMuzic. It is a music sharing service with user accounts, playlists, downloads, etc. There are two versions - Full and Static. Full version uses AJAX. Static version is pure PHP and HTML. I need you to test out both for SQL injections, etc. Oh, and you can take a look at the site and the Shuffle section too. That's a work in progress application. Thanks.
DEVILofDARKNESS Posted September 17, 2009

Is it normal that there are songs that do not work? => It is not that clear that the songs in red aren't working. Why are they actually listed if you can't hear them? For the rest: it's very easy to use (Full version), the design is simple but I like it. And the amount of mp3's available is amazing!!
mattal999 (Author) Posted September 17, 2009

> Is it normal that there are songs that do not work? => It is not that clear that the songs in red aren't working. Why are they actually listed if you can't hear them? For the rest: it's very easy to use (Full version), the design is simple but I like it. And the amount of mp3's available is amazing!!

Yeah, I need to write the Help docs to make it more obvious. I need to rethink the redness too. Maybe a little text blob on hover (like the sidemenu) that states a broken link. And yeah, the MP3s are increasing every day. It's really a quite simple series of cron scripts coded by moi that crawl the web. Not open source I'm afraid. Thanks for the crits though. Have you found any security issues?
DEVILofDARKNESS Posted September 17, 2009

Not yet, but I will check that! A text blob would be great! And a crawler is really smart.
mattal999 (Author) Posted September 17, 2009

> Not yet, but I will check that! A text blob would be great! And a crawler is really smart.

Thanks. It really means a lot to be told that I've created something smart.
darkfreaks Posted September 18, 2009

Javascript errors:

document.getelementbyid("player") is null
Coreye Posted September 18, 2009

Full Path Disclosure: http://beta.imuzic.co.uk/download.php?id[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in E:\iwebsites\imuzic\sd_beta\download.php on line 7
Warning: setcookie() expects parameter 2 to be string, array given in E:\iwebsites\imuzic\sd_beta\download.php on line 8
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in E:\iwebsites\imuzic\sd_beta\download.php on line 11
Warning: Cannot modify header information - headers already sent by (output started at E:\iwebsites\imuzic\sd_beta\download.php:7) in E:\iwebsites\imuzic\sd_beta\download.php on line 15

Full Path Disclosure: http://beta.imuzic.co.uk/files/search.php?q[]

Warning: urldecode() expects parameter 1 to be string, array given in E:\iwebsites\imuzic\sd_beta\files\search.php on line 7
Warning: setcookie() expects parameter 2 to be string, array given in E:\iwebsites\imuzic\sd_beta\files\search.php on line 10

Full Path Disclosure: http://beta.imuzic.co.uk/static/search/test&page=0

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in E:\iwebsites\imuzic\sd_beta\static\search.php on line 78
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in E:\iwebsites\imuzic\sd_beta\static\search.php on line 80

Full Path Disclosure: http://beta.imuzic.co.uk/static/search/test&page[]

Warning: setcookie() expects parameter 2 to be string, array given in E:\iwebsites\imuzic\sd_beta\static\search.php on line 9
Warning: Cannot modify header information - headers already sent by (output started at E:\iwebsites\imuzic\sd_beta\static\search.php:9) in E:\iwebsites\imuzic\sd_beta\static\search.php on line 14
Fatal error: Unsupported operand types in E:\iwebsites\imuzic\sd_beta\static\search.php on line 75

Full Path Disclosure: http://beta.imuzic.co.uk/files/more.php?id[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in E:\iwebsites\imuzic\sd_beta\files\more.php on line 16
darkfreaks Posted September 18, 2009

Attack Details:
* HTTP Method: HEAD
Got access to a resource that should be protected. Server response code: 200 OK.

Fix: disallow HEAD method in .htaccess file.

# Allow only the listed methods; anything else (including HEAD) gets 403.
# The trailing $ keeps "GETX" or similar from matching.
RewriteCond %{REQUEST_METHOD} !^(GET|OPTIONS|POST|PUT)$
RewriteRule .* - [F]
mattal999 (Author) Posted September 18, 2009

> Full Path Disclosure: http://beta.imuzic.co.uk/download.php?id[]
>
> Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in E:\iwebsites\imuzic\sd_beta\download.php on line 7
> Warning: setcookie() expects parameter 2 to be string, array given in E:\iwebsites\imuzic\sd_beta\download.php on line 8
> Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in E:\iwebsites\imuzic\sd_beta\download.php on line 11
> Warning: Cannot modify header information - headers already sent by (output started at E:\iwebsites\imuzic\sd_beta\download.php:7) in E:\iwebsites\imuzic\sd_beta\download.php on line 15
>
> Full Path Disclosure: http://beta.imuzic.co.uk/files/search.php?q[]
>
> Warning: urldecode() expects parameter 1 to be string, array given in E:\iwebsites\imuzic\sd_beta\files\search.php on line 7
> Warning: setcookie() expects parameter 2 to be string, array given in E:\iwebsites\imuzic\sd_beta\files\search.php on line 10
>
> Full Path Disclosure: http://beta.imuzic.co.uk/static/search/test&page=0
>
> Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in E:\iwebsites\imuzic\sd_beta\static\search.php on line 78
> Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in E:\iwebsites\imuzic\sd_beta\static\search.php on line 80
>
> Full Path Disclosure: http://beta.imuzic.co.uk/static/search/test&page[]
>
> Warning: setcookie() expects parameter 2 to be string, array given in E:\iwebsites\imuzic\sd_beta\static\search.php on line 9
> Warning: Cannot modify header information - headers already sent by (output started at E:\iwebsites\imuzic\sd_beta\static\search.php:9) in E:\iwebsites\imuzic\sd_beta\static\search.php on line 14
> Fatal error: Unsupported operand types in E:\iwebsites\imuzic\sd_beta\static\search.php on line 75
>
> Full Path Disclosure: http://beta.imuzic.co.uk/files/more.php?id[]
>
> Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in E:\iwebsites\imuzic\sd_beta\files\more.php on line 16

Thanks, but how do I fix these? Something like (int) $_GET['id'] or (string) $_GET['q']?
darkfreaks Posted September 18, 2009

Please post those lines of code so we can see how you are calling it and can tell you how to fix it.
mattal999 (Author) Posted September 19, 2009

I just do this for all of them.

$variable = mysql_real_escape_string($_GET['varname']);

How would I go about protecting that from what was suggested above? I did the HEAD fix by the way. Mind testing that out again for me?
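The warnings Coreye listed all come from the same root cause: a query string like ?id[] makes $_GET['id'] an array, a function that expects a string then emits a warning, and because display_errors is on, that warning (with the full E:\iwebsites\... path) goes to the visitor. A cast alone does not cover it (an array cast to int gives 1, not an error), and mysql_real_escape_string() on the raw value is the line that warns. The following is an added example, not iMuzic's code: it rejects array-valued parameters before they reach any string function, validates the id as an integer, uses a prepared statement instead of manual escaping, and keeps PHP warnings out of the response. The function names read_int(), read_string() and find_track(), and the tracks table, are assumptions made for the demo; it runs against an in-memory SQLite database so it can be tried offline, but the same PDO calls work with a MySQL DSN.

```php
<?php
// Added example (not iMuzic's code). Demonstrates the fix for the
// "?id[]" full-path-disclosure warnings discussed in this thread.
// Assumed names: read_int(), read_string(), find_track(); the tracks
// table and the sample requests below are constructed for the demo.
declare(strict_types=1);

// Warnings must never reach the browser: that is where the server path
// (E:\iwebsites\...) leaked. Log them on the server instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

/**
 * Return $source[$key] as an int, or null when it is missing, is an
 * array (?id[] in the query string) or is not a plain decimal integer.
 */
function read_int(array $source, string $key): ?int
{
    if (!isset($source[$key]) || is_array($source[$key])) {
        return null;
    }
    // filter_var rejects "12abc", "7 OR 1=1", "1e3" and similar.
    $int = filter_var($source[$key], FILTER_VALIDATE_INT);
    return $int === false ? null : $int;
}

/**
 * Return $source[$key] as a bounded string, or null when it is missing,
 * is an array (?q[]) or exceeds $maxLen bytes.
 */
function read_string(array $source, string $key, int $maxLen = 200): ?string
{
    if (!isset($source[$key]) || is_array($source[$key])) {
        return null;
    }
    $value = str_replace("\0", '', (string) $source[$key]);
    return strlen($value) > $maxLen ? null : $value;
}

/**
 * Look up a track with a prepared statement. The id is bound as an
 * integer, so there is no escaping step that can be forgotten.
 */
function find_track(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM tracks WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// ---- Demo against constructed data in an in-memory SQLite database ----
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tracks (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
$db->exec("INSERT INTO tracks (id, title) VALUES (7, 'Example song')");

// Simulated query strings; in download.php this would be $_GET.
$requests = [
    ['id' => '7'],         // normal request
    ['id' => ['']],        // ?id[]  -> used to warn and leak the path
    ['id' => '7 OR 1=1'],  // not an int -> rejected before any query
    ['q'  => ['x']],       // ?q[]   -> rejected by read_string()
];

foreach ($requests as $get) {
    $id = read_int($get, 'id');
    $q  = read_string($get, 'q');
    if ($id === null && $q === null) {
        // Fixed status and message: no PHP warning, no server path.
        http_response_code(400);
        echo "Bad request\n";
        continue;
    }
    if ($id !== null) {
        $track = find_track($db, $id);
        echo $track === null ? "No such track\n" : "Track: {$track['title']}\n";
    }
}
```

Running it prints "Track: Example song" for the first request and "Bad request" for the other three. The "headers already sent" warning disappears as a side effect: once nothing is echoed before setcookie() and header(), those calls succeed. On a MySQL host, replace the DSN with something like 'mysql:host=localhost;dbname=...' and keep the rest unchanged.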
mattal999 (Author) Posted September 19, 2009

> I just do this for all of them.
>
> $variable = mysql_real_escape_string($_GET['varname']);
>
> How would I go about protecting that from what was suggested above? I did the HEAD fix by the way. Mind testing that out again for me?

Never mind. I fixed all those Full Path Disclosures. Anything else vulnerable?
darkfreaks Posted September 21, 2009

It fixed the SECCOMP attack, but the header one is there; it's only a warning, not a failure.
darkfreaks Posted September 21, 2009

Not sure if your hosting or server has mod_security on it, but you could ask. I think it will also help weed out the HEAD warning. It's got better security than the htaccess module. http://blog.modsecurity.org/
foliady Posted October 7, 2009

Thanks. It really means a lot.
keldorn Posted November 8, 2009

What is the HEAD method, and why is that something to not allow?
darkfreaks Posted November 17, 2009

Ask your host if they can upgrade your hosting package to something with SSL 3.0 or TLS 1.0, which is more up to date.