Currently it has no official name, but zwmster Media has just opened "zIM" (working title). It's a whole new network, it does not use AIM, Yahoo, etc... There is currently no program available to download, but there is a web interface similar to meebo.

 

register and check it out!!

 

Add me to your list: brenden

 

 

--- http://www.zwmster.com/im ---


Array:

http://www.zwmster.com/define?q[]

 

Array:

http://www.zwmster.com/dsc?q[]

 

Array:

http://www.zwmster.com/people?q[]

 

Cross Site Scripting:

http://www.zwmster.com/?lang="><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.zwmster.com/define?q="><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.zwmster.com/dsc?q="><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.zwmster.com/people?q="><marquee><h1>vulnerable</marquee>

 

Full Path Disclosure:

http://www.zwmster.com//

Warning: main(../login/login.php) [function.main]: failed to open stream: No such file or directory in /homepages/5/d191754224/htdocs/search/templates/standard/header.html on line 3

 

Warning: main() [function.include]: Failed opening '../login/login.php' for inclusion (include_path='.:/usr/local/lib/php') in /homepages/5/d191754224/htdocs/search/templates/standard/header.html on line 3

 

Warning: main(/bin/i.php) [function.main]: failed to open stream: No such file or directory in /homepages/5/d191754224/htdocs/search/search.php on line 159

 

Warning: main() [function.include]: Failed opening '/bin/i.php' for inclusion (include_path='.:/usr/local/lib/php') in /homepages/5/d191754224/htdocs/search/search.php on line 159

 

Full Path Disclosure:

http://www.zwmster.com/web_s?query[]

@agentsteal:

you love exploiting bugs don't you? ;-) haha thanks a lot... any help on fixing these vulnerabilities!?!?

 

while this will not fix it all, it will get some of it

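<?php
// Clean one request value: strip NUL bytes and HTML tags, then escape quotes.
// Array values (e.g. ?q[]=x) are cleaned element by element instead of being
// passed to strip_tags(), which only accepts strings.
function clean_input($xValue) {
    if (is_array($xValue)) {
        return array_map('clean_input', $xValue);
    }
    // "\0" is a raw NUL byte; '\0' is the backslash-zero pair that
    // magic_quotes_gpc / addslashes() turn a NUL byte into.
    return addslashes(strip_tags(str_replace(array("\0", '\0'), '', $xValue)));
}
foreach ($_GET as $sVar => $xValue) {
    $_GET[$sVar] = clean_input($xValue);
}
foreach ($_POST as $sVar => $xValue) {
    $_POST[$sVar] = clean_input($xValue);
}
foreach ($_COOKIE as $sVar => $xValue) {
    $_COOKIE[$sVar] = clean_input($xValue);
}
?>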

 

the best thing to do, that i have found, is only allow what you expect to hear from the $_GET's and such

use regular expressions to filter out what you don't want there.

 

 

I found that code somewhere, i didn't write it. It gave me the idea of how to clear all the XSS out of my project.

I am currently rewriting a lot of my pages to only allow what i expect to hear get to them. everything else will be ignored.

 

for the file errors find out why it can't open the file, is the file there? are the permissions set right?

you can use a @ to not display errors on some calls
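The "only allow what you expect" approach from the post above, combined with encoding at the point of output, as an added example that is not code from the thread. The parameter names `lang` and `q` come from the reported URLs; the allowed-language list, the length limit and the helper names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread.
const ALLOWED_LANGS = ['en', 'de', 'fr'];   // assumption: the site's real list may differ
const MAX_QUERY_LEN = 200;                  // assumption

// Return the requested language only if it is one we expect, else the default.
function expect_lang(array $request, string $default = 'en'): string
{
    $lang = $request['lang'] ?? $default;
    return (is_string($lang) && in_array($lang, ALLOWED_LANGS, true)) ? $lang : $default;
}

// Return the search text, or null when it is missing, an array (?q[]=...),
// too long, or contains control characters such as NUL.
function expect_query(array $request): ?string
{
    $q = $request['q'] ?? null;
    if (!is_string($q) || strlen($q) > MAX_QUERY_LEN) {
        return null;
    }
    return preg_match('/^[^\x00-\x1F\x7F]*$/', $q) ? $q : null;
}

// Encode for HTML text and quoted attribute values at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests mirroring the URLs reported in the thread.
$samples = [
    ['lang' => 'de', 'q' => 'php forums'],
    ['lang' => '"><marquee><h1>vulnerable</marquee>',
     'q'    => '"><marquee><h1>vulnerable</marquee>'],
    ['q' => ['']],                           // ?q[]
];

foreach ($samples as $request) {
    $lang = expect_lang($request);
    $q    = expect_query($request);
    echo '<div lang="' . h($lang) . '">';
    echo $q === null
        ? '<p>Invalid search.</p>'
        : '<input name="q" value="' . h($q) . '">';
    echo "</div>\n";
}
```

The unexpected `lang` value falls back to the default, the array form of `q` is rejected before any string function sees it, and the reported `">` payload is emitted as encoded text inside the attribute rather than as markup.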

 

 

 

I fixed the file error.. i just added a rewrite rule that pretty much ignored multiple slashes, like this: http://www.zwmster.com/////

 

any other suggestions would be appreciated!

 

thx agentsteal, for that code, I'll try it out later. I'm at school
