CMS

[unidox]

www.team-unidox.com/admin/

 

I am still fixing the remote sql but other than that. Any ideas?

[redbullmarky]

got a test username/password?

 

on FF2, a mouseover JS function, setStatus, is throwing errors left right and center according to firebug.

[unidox]

user=sub1 pass=1

[obsidian]

In addition to the setStatus throwing all the errors (I got about 260 thrown in the course of a single page), every text field in your "Settings" form is open to SQL injection. You need to handle your single quotes. Also, you need to handle double quotes within the output to the form. I changed the name to No"Hype, and you'll see that only the No was output to the value of the form field since the quote was not handled with htmlentities of some sort.

 

The double quotes error above also opens you up to XSS attacks. I changed the name further to:

No" /><script type="text/javascript">alert("js!!!");</script><input type="hidden

 

This will pop up an alert box with every time the name is displayed within a form.

 

Hope these help point you to some of the holes.

[unidox]

So how do I fix this?

[obsidian]

So how do I fix this?

 

#1 - escape any user input that you are inserting directly into a database with the appropriate escape string (mysql_real_escape_string()).

 

#2 - when you output database information to the screen within a form (or within form elements), you need to use the HTML equivalent of said characters. So, when outputting to a form, try using something like this instead:

<?php
$title = htmlentities($title, ENT_QUOTES);
echo "<input type=\"text\" name=\"title\" value=\"$title\" />";
?>

 

That should be a good start to cleaning up your user input at least

 

Good luck.

[agentsteal]

Cross Site Scripting:

http://www.team-unidox.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee>

 

Full Path Disclosure:

http://www.team-unidox.com/admin/delete_news_comments.php

Warning: Cannot modify header information - headers already sent by (output started at /home/teamuni/public_html/admin/delete_news_comments.php:30) in /home/teamuni/public_html/admin/req/func.inc.php on line 10

 

Full Path Disclosure:

http://www.team-unidox.com/includes/func.inc.php

Warning: main(./forum/extension.inc) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 4

 

Warning: main(./forum/extension.inc) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 4

 

Warning: main(./forum/extension.inc) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 4

 

Warning: main() [function.include]: Failed opening './forum/extension.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/teamuni/public_html/includes/func.inc.php on line 4

 

Warning: main(./forum/common.) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 5

 

Warning: main(./forum/common.) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 5

 

Warning: main(./forum/common.) [function.main]: failed to open stream: No such file or directory in /home/teamuni/public_html/includes/func.inc.php on line 5

 

Warning: main() [function.include]: Failed opening './forum/common.' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/teamuni/public_html/includes/func.inc.php on line 5

 

Fatal error: Call to undefined function: session_pagestart() in /home/teamuni/public_html/includes/func.inc.php on line 6

 

Includes Directory:

http://www.team-unidox.com/admin/req/

 

Includes Directory:

http://www.team-unidox.com/includes/

 

User Enumeration:

http://www.team-unidox.com/~root

 

User Enumeration:

http://www.team-unidox.com/~teamuni

 

User Enumeration:

http://www.team-unidox.com/~unidox