Virtual Notepad


This was something I randomly thought I should make two days ago... I made the majority of it in an hour on Thursday and fine-tuned it yesterday.

 

It's basically your own e-notepad to save links/etc. at school or wherever, or just have quick access to a note. It's been done before, and a lot better, but I felt like trying my hand at making one to see how it works. If you could just play around with it and try to mess with it, I'd be grateful.

 

Fustrate.com |~| Virtual Notepad

 

If I can ever get wildcard subdomains working, the URLs will be yourname.fustrate.com, but until then, notes.fustrate.com/yourname will have to work.

 

Oh, and instructions:

Make a page using the form, and remember the password. Go to the url it gives you, and edit the page by just changing what's in the box and using the password you specified.

 

(TinyMCE is used for the editor)

Link to comment
Share on other sites

Cross Site Scripting:

http://www.fustrate.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting if your password contains code.

 

Cross Site Scripting:

There is Cross Site Scripting if your username contains code.

 

Full Path Disclosure:

http://www.fustrate.com/cgi-sys/scgiwrap/

 

Log:

http://www.fustrate.com/log.txt

 

User Enumeration:

http://www.fustrate.com/~hoffman

 

User Enumeration:

http://www.fustrate.com/~root

Link to comment
Share on other sites

My notes didn't save. When I click submit the page reloads and the text is gone. Did I do something wrong? My suggestion for better features - let people have bookmarks on the side with different types of notes. This would be good for some people, I use my blog for this though.

Link to comment
Share on other sites

Hmm, I'll check out the password thing, I think I know what it is...

 

I've started implementing something to clean the input, I've got it working pretty well now. The subdomains should be up within the hour, I found the mistake with that.

 

And what do you mean bookmarks?

 

edit: ah, I know what the problem is. How do you pass $_POST variables along with a redirect? Can it be done?

Link to comment
Share on other sites
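
For the username/password XSS reports and the redirect question above, an added PHP example (not the site's code and not posted by anyone in this thread): the page name is validated against an allowlist, every message is escaped at output, and a one-time session message is carried across the redirect instead of the POST body. The function names, the form field names and the `$session` array standing in for `$_SESSION` are assumptions.

```php
<?php
// Added example; e(), valid_username(), handle_create(), render_flash() are hypothetical names.

// Escape at the point of output: names and messages are text, never markup.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The name becomes a URL path and later a subdomain, so allow DNS-label characters only.
function valid_username(string $name): bool {
    return preg_match('/^[a-z0-9](?:[a-z0-9-]{0,30}[a-z0-9])?$/', $name) === 1;
}

// Handle the create form. $session stands in for $_SESSION so the demo runs from the CLI.
// Returns the URL to redirect to (Post/Redirect/Get); the POST body is not forwarded.
function handle_create(array $post, array &$session): string {
    $name = strtolower(trim((string)($post['name'] ?? '')));
    $pass = (string)($post['password'] ?? '');
    if (!valid_username($name) || $pass === '') {
        // Raw text is stored; it is escaped later, when it is rendered.
        $session['flash'] = "Invalid page name or empty password: $name";
        return '/';
    }
    // Store only a hash; the password is never echoed back into any page.
    $session['pages'][$name] = password_hash($pass, PASSWORD_DEFAULT);
    $session['flash'] = "Created page $name";
    return '/' . rawurlencode($name);
}

// Render the one-time message after the redirect, then discard it.
function render_flash(array &$session): string {
    $msg = $session['flash'] ?? '';
    unset($session['flash']);
    return $msg === '' ? '' : '<p class="flash">' . e($msg) . '</p>';
}

// Constructed input: the markup string from the report above, then a well-formed name.
$session = [];
foreach (['<marquee><h1>vulnerable</marquee>', 'mynotes'] as $name) {
    $to = handle_create(['name' => $name, 'password' => 'example-only'], $session);
    echo "redirect to: $to\n", render_flash($session), "\n";
}
// In a web handler: header('Location: ' . $to, true, 303); exit;
// The note body from TinyMCE is HTML and needs an allowlist sanitizer (e.g. HTML Purifier), not e().
```
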

  • 3 weeks later...

Try disallowing /cgi-sys/scgiwrap in .htaccess

Put an .htaccess file in /cgi-sys/ that reads like this:

Order deny,allow
Deny from all

Alternatively you can try

<Files "scgiwrap">
Order deny,allow
Deny from all
</Files>

in a root folder, but I don't know if the latter will work.

Link to comment
Share on other sites
