condoravenue Posted December 11, 2010 Share Posted December 11, 2010 http://tinyurl.com/2fqbcgp proof of ownership: http://www.snow-report.us/somename/phpfreaks.txt Link to comment Share on other sites More sharing options...
dreamwest Posted December 21, 2010 Share Posted December 21, 2010 Can I give it a TCP test?? Itll be supa fun i promise Link to comment Share on other sites More sharing options...
PHPTOM Posted December 25, 2010 Share Posted December 25, 2010 http://www.snow-report.us/somename/operations/error_log Displays your server address & username Also no index file in operations. Not a huge hole, but it is one. Link to comment Share on other sites More sharing options...
Maq Posted December 28, 2010 Share Posted December 28, 2010 I got 136 failure with all tests for SQL Inject Me. Link to comment Share on other sites More sharing options...
unlishema.wolf Posted January 6, 2011 Share Posted January 6, 2011 Anyone can access all your pages. Not a security risk until someone figures out what to insert to delete accounts and create accounts without permission. Link to comment Share on other sites More sharing options...
Omirion Posted January 30, 2011 Share Posted January 30, 2011 http://www.snow-report.us/somename/operations/ You should really deny access to this. Link to comment Share on other sites More sharing options...
Coreye Posted February 12, 2011 Share Posted February 12, 2011 Full Path Disclosure: http://snow-report.us/somename/operations/account_created.php?passkey[] Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/brecke5/public_html/somename/operations/account_created.php on line 7 Link to comment Share on other sites More sharing options...
Recommended Posts