unidox, posted May 30, 2007:
www.team-unidox.com/admin/
I am still fixing the remote SQL but other than that. Any ideas?
redbullmarky, posted May 30, 2007:
Got a test username/password? On FF2, a mouseover JS function, setStatus, is throwing errors left, right and center according to Firebug.
unidox, posted May 30, 2007:
user=sub1 pass=1
obsidian, posted May 30, 2007:
In addition to setStatus throwing all the errors (I got about 260 thrown in the course of a single page), every text field in your "Settings" form is open to SQL injection. You need to handle your single quotes.

Also, you need to handle double quotes within the output to the form. I changed the name to No"Hype, and you'll see that only the No was output to the value of the form field, since the quote was not handled with htmlentities of some sort.

The double quotes error above also opens you up to XSS attacks. I changed the name further to:
No" /><script type="text/javascript">alert("js!!!");</script><input type="hidden
This will pop up an alert box every time the name is displayed within a form.

Hope these help point you to some of the holes.
unidox, posted May 30, 2007:
So how do I fix this?
obsidian, posted May 30, 2007:
"So how do I fix this?"

#1 - escape any user input that you are inserting directly into a database with the appropriate escape string (mysql_real_escape_string()).

#2 - when you output database information to the screen within a form (or within form elements), you need to use the HTML equivalent of said characters. So, when outputting to a form, try using something like this instead:

<?php
$title = htmlentities($title, ENT_QUOTES);
echo "<input type=\"text\" name=\"title\" value=\"$title\" />";
?>

That should be a good start to cleaning up your user input at least. Good luck.
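Obsidian's two fixes worked through as an added example (not code from the thread or from the unidox CMS): the "Settings" form handling as the thread describes it, beside a hardened version. It uses mysqli prepared statements in place of mysql_real_escape_string(), which was removed together with the mysql_* extension in PHP 7, and assumes a mysqli connection $db and a settings table with name and value columns (both assumptions).

```php
<?php
// Added example, not the CMS's own code. Assumes a mysqli connection $db
// and a table `settings` (name, value); neither exists in the thread.

// --- vulnerable: what the replies above exercised ---
function save_setting_vulnerable(mysqli $db, string $name, string $value): void {
    // A single quote in $value terminates the string literal: SQL injection.
    $db->query("UPDATE settings SET value = '$value' WHERE name = '$name'");
}
function render_field_vulnerable(string $name, string $value): string {
    // A double quote in $value closes the attribute: No"Hype truncates the
    // field, and the <script> payload runs on every page that shows the form.
    return "<input type=\"text\" name=\"$name\" value=\"$value\" />";
}

// --- hardened ---
function save_setting(mysqli $db, string $name, string $value): void {
    // Bound parameters are sent separately from the query text, so quotes
    // in the data cannot change the statement.
    $stmt = $db->prepare('UPDATE settings SET value = ? WHERE name = ?');
    $stmt->bind_param('ss', $value, $name);
    $stmt->execute();
}
function render_field(string $name, string $value): string {
    // ENT_QUOTES encodes both ' and ", so the value cannot leave the attribute;
    // < and > become &lt; and &gt;, so no tag is created.
    $safeName  = htmlentities($name, ENT_QUOTES, 'UTF-8');
    $safeValue = htmlentities($value, ENT_QUOTES, 'UTF-8');
    return "<input type=\"text\" name=\"$safeName\" value=\"$safeValue\" />";
}

// The name obsidian used in the thread, rendered both ways.
$payload = 'No" /><script type="text/javascript">alert("js!!!");</script><input type="hidden';
echo render_field_vulnerable('title', $payload), "\n"; // emits a live <script> element
echo render_field('title', $payload), "\n";            // emits it as inert text
```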
agentsteal, posted May 30, 2007:

Cross Site Scripting:
http://www.team-unidox.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee>

Full Path Disclosure:
http://www.team-unidox.com/admin/delete_news_comments.php
Warning: Cannot modify header information - headers already sent by (output started at /home/teamuni/public_html/admin/delete_news_comments.php:30) in /home/teamuni/public_html/admin/req/func.inc.php on line 10

Full Path Disclosure:
http://www.team-unidox.com/includes/func.inc.php
Warning: main(./forum/extension.inc) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 4
Warning: main(./forum/extension.inc) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 4
Warning: main(./forum/extension.inc) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 4
Warning: main() [function.include]: Failed opening './forum/extension.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/teamuni/public_html/includes/func.inc.php on line 4
Warning: main(./forum/common.) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 5
Warning: main(./forum/common.) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 5
Warning: main(./forum/common.) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 5
Warning: main() [function.include]: Failed opening './forum/common.' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/teamuni/public_html/includes/func.inc.php on line 5
Fatal error: Call to undefined function: session_pagestart() in /home/teamuni/public_html/includes/func.inc.php on line 6

Includes Directory:
http://www.team-unidox.com/admin/req/
Includes Directory:
http://www.team-unidox.com/includes/

User Enumeration:
http://www.team-unidox.com/~root
User Enumeration:
http://www.team-unidox.com/~teamuni
User Enumeration:
http://www.team-unidox.com/~unidox