quickstopman Posted May 20, 2007 Share Posted May 20, 2007 http://www.getmetola.com tell me what you think of it! -- Dustin Link to comment Share on other sites More sharing options...
john010117 Posted May 20, 2007 Share Posted May 20, 2007 Ok... The home page and the other pages should have the same layout. The hovering links on the left should have their hovering color exactly in the black background. The main content table looks ugly. Everything explained Link to comment Share on other sites More sharing options...
agentsteal Posted May 21, 2007 Share Posted May 21, 2007 Cross Site Scripting: http://www.getmetola.com/default.html/"><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.getmetola.com/register.php/'><marquee><h1>vulnerable</marquee> Full Path Disclosure: There is Full Path Disclosure if you log in with an invalid password. Warning: Cannot modify header information - headers already sent by (output started at /home/pokebash/public_html/getmetola/login.php:13) in /home/pokebash/public_html/getmetola/login.php on line 36 Includes Directory: http://www.getmetola.com/test/ User Enumeration: http://www.getmetola.com/~pokebash User Enumeration: http://www.getmetola.com/~root Link to comment Share on other sites More sharing options...
quickstopman Posted May 21, 2007 Author Share Posted May 21, 2007 the site is still under construction and yes the pokebash was my other site i did for someone on the same server Link to comment Share on other sites More sharing options...
quickstopman Posted May 21, 2007 Author Share Posted May 21, 2007 Ok... The home page and the other pages should have the same layout. The hovering links on the left should have their hovering color exactly in the black background. The main content table looks ugly. Everything explained that is the old site layout that i took off i never updated that part sorry guys Link to comment Share on other sites More sharing options...
quickstopman Posted May 21, 2007 Author Share Posted May 21, 2007 There are a few Cross Site Scripting vulnerabilities. POC: (The links got messed up but if you click on the parts that are lit up it will go to the correct pages) http://www.getmetola.com/default.html/"><marquee><h1><hr><i><you>pwnd</you></i><br>by<br>agentsteal<h3><hr>embed:<br><embed src='.mp3'><hr>img:<br><img><hr>input:<br><input value=pwnd_by_agentsteal><hr>option:<br><select><option>pwnd<option>by<option>agentsteal</select><hr>iframe:<br><iframe src= http://www.getmetola.com/register.php/'><marquee><h1><hr><i><you>pwnd</you></i><br>by<br>agentsteal<h3><hr>embed:<br><embed src='.mp3'><hr>img:<br><img><hr>input:<br><input value=pwnd_by_agentsteal><hr>option:<br><select><option>pwnd<option>by<option>agentsteal</select><hr>iframe:<br><iframe src= how would i stop something like that? Link to comment Share on other sites More sharing options...
john010117 Posted May 21, 2007 Share Posted May 21, 2007 You would be interested in reading about mysql_real_escape_string(). Link to comment Share on other sites More sharing options...
quickstopman Posted May 21, 2007 Author Share Posted May 21, 2007 Quote from: agentsteal on Today at 08:41:25 PM There are a few Cross Site Scripting vulnerabilities. POC: (The links got messed up but if you click on the parts that are lit up it will go to the correct pages) http://www.getmetola.com/default.html/"><marquee><h1><you>pwnd</you> by agentsteal<h3>embed: <embed src='.mp3'>img: <img>input: <input value=pwnd_by_agentsteal>option: <select><option>pwnd<option>by<option>agentsteal</select>iframe: <iframe src=[/url] http://www.getmetola.com/register.php/'><marquee><h1><you>pwnd</you> by agentsteal<h3>embed: <embed src='.mp3'>img: <img>input: <input value=pwnd_by_agentsteal>option: <select><option>pwnd<option>by<option>agentsteal</select>iframe: <iframe src=[/url] how would i stop something like that? The problem is that the forms on those pages set the form action to whatever the end of the URL is. If the URL is http://www.getmetola.com/default.html, the form action is /default.html: <form action="/default.html" method="POST"> However, if the URL is http://www.getmetola.com/default.html/code, the form action is /code: <form action="/code" method="POST"> and the code gets written onto the page. To fix this, either filter the tags or just set the form actions to /default.html and /register.php. how would i filter the tags?? Link to comment Share on other sites More sharing options...
john010117 Posted May 22, 2007 Share Posted May 22, 2007 htmlentities() and/or htmlspecialchars(). Link to comment Share on other sites More sharing options...
quickstopman Posted May 22, 2007 Author Share Posted May 22, 2007 well i just took out the email form so there shouldn't be a problem. which agentsteal spammed the crap out of :-\ so nothing should happen anymore Link to comment Share on other sites More sharing options...
js_280 Posted May 22, 2007 Share Posted May 22, 2007 Your profile.php page increments the profile view counter by 2 for each profile view instead of incrementing by 1... Not sure if that's what you meant or not... Link to comment Share on other sites More sharing options...
quickstopman Posted May 22, 2007 Author Share Posted May 22, 2007 Your profile.php page increments the profile view counter by 2 for each profile view instead of incrementing by 1... Not sure if that's what you meant or not... no it doesn't hmm well not on any of the computers ive tested it on Link to comment Share on other sites More sharing options...
level3 Posted May 24, 2007 Share Posted May 24, 2007 It looks ok now, better layout then previous. Link to comment Share on other sites More sharing options...
john010117 Posted May 24, 2007 Share Posted May 24, 2007 Just tested your registration script. It does not check if the password 1 field matches the password 2 field. You might want to fix that. Link to comment Share on other sites More sharing options...
kathas Posted May 24, 2007 Share Posted May 24, 2007 you are still XSS vulnerable... (full name) Link to comment Share on other sites More sharing options...
quickstopman Posted May 28, 2007 Author Share Posted May 28, 2007 you are still XSS vulnerable... (full name) well how do i fix that? Link to comment Share on other sites More sharing options...
Recommended Posts