Tell me what you think!


Cross Site Scripting:

http://www.getmetola.com/default.html/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.getmetola.com/register.php/'><marquee><h1>vulnerable</marquee>

 

Full Path Disclosure:

There is Full Path Disclosure if you log in with an invalid password.

Warning: Cannot modify header information - headers already sent by (output started at /home/pokebash/public_html/getmetola/login.php:13) in /home/pokebash/public_html/getmetola/login.php on line 36

 

Includes Directory:

http://www.getmetola.com/test/

 

User Enumeration:

http://www.getmetola.com/~pokebash

 

User Enumeration:

http://www.getmetola.com/~root


Quote from: agentsteal on Today at 08:41:25 PM

There are a few Cross Site Scripting vulnerabilities.

 

POC: (The links got messed up but if you click on the parts that are lit up it will go to the correct pages)

http://www.getmetola.com/default.html/"><marquee><h1><you>pwnd</you>

by

agentsteal<h3>embed:

<embed src='.mp3'>img:

<img>input:

<input value=pwnd_by_agentsteal>option:

<select><option>pwnd<option>by<option>agentsteal</select>iframe:

<iframe src=[/url]

http://www.getmetola.com/register.php/'><marquee><h1><you>pwnd</you>

by

agentsteal<h3>embed:

<embed src='.mp3'>img:

<img>input:

<input value=pwnd_by_agentsteal>option:

<select><option>pwnd<option>by<option>agentsteal</select>iframe:

<iframe src=[/url]

How would I stop something like that?

 

The problem is that the forms on those pages set the form action to whatever the end of the URL is. If the URL is http://www.getmetola.com/default.html, the form action is /default.html:

 

<form action="/default.html" method="POST">

 

However, if the URL is http://www.getmetola.com/default.html/code, the form action is /code:

 

<form action="/code" method="POST">

 

and the code gets written onto the page. To fix this, either filter the tags or just set the form actions to /default.html and /register.php.

How would I filter the tags?
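
An added example, not part of the original thread and not the site's own code, showing the two fixes suggested above in PHP (the site's pages are .php). The thread does not show how the site builds the form action, so the function names, the `$requestPath` parameter and the sample path are assumptions.

```php
<?php
// Added example: helper names and the sample path are hypothetical.

// Return the part of the path after the last "/", including the slash.
function last_segment(string $requestPath): string
{
    $pos = strrpos($requestPath, '/');
    return $pos === false ? '/' : substr($requestPath, $pos);
}

// Behaviour described in the thread: the end of the URL is copied into
// the action attribute with no encoding, so markup in it reaches the page.
function form_tag_unsafe(string $requestPath): string
{
    return '<form action="' . last_segment($requestPath) . '" method="POST">';
}

// Fix 1: only ever emit a known action; nothing from the URL is echoed.
const ALLOWED_ACTIONS = ['/default.html', '/register.php'];

function form_tag_fixed(string $page): string
{
    if (!in_array($page, ALLOWED_ACTIONS, true)) {
        throw new InvalidArgumentException('unknown form action');
    }
    return '<form action="' . $page . '" method="POST">';
}

// Fix 2: if the value must come from the request, encode it for a quoted
// HTML attribute. Stripping tags alone is not enough in this position,
// because the quote character itself has to be encoded as well.
function form_tag_escaped(string $requestPath): string
{
    $safe = htmlspecialchars(
        last_segment($requestPath),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<form action="' . $safe . '" method="POST">';
}

// Constructed sample input, modelled on the harmless marker style in the thread.
$sample = '/default.html/"><b>constructed-marker';

echo 'unsafe:  ', form_tag_unsafe($sample), PHP_EOL;
echo 'escaped: ', form_tag_escaped($sample), PHP_EOL;
echo 'fixed:   ', form_tag_fixed('/default.html'), PHP_EOL;
```

Run it with `php` on the command line and compare the three lines: only the unsafe variant lets the quote and angle brackets through unencoded.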


Your profile.php page increments the profile view counter by 2 for each profile view instead of incrementing by 1...

 

Not sure if that's what you meant or not...

no it doesn't

hmm

well not on any of the computers I've tested it on
