techiefreak05 Posted June 7, 2007 Share Posted June 7, 2007 Currently it has no official name, but zwmster Media has just opened "zIM" (working title). It's a whole new network, it does not use AIM,Yahoo, etc... There is currently no prorgam avaiable to download, but there is a web interface simiar to meebo. register and check it out!! Add me to your list: brenden --- http://www.zwmster.com/im --- Link to comment Share on other sites More sharing options...
source Posted June 7, 2007 Share Posted June 7, 2007 http://www.zwmster.com/users/98?id=98 http://www.zwmster.com/users/99?id=99 Also, while I won't provide the link your search is also vulnerable to xss... either or/ you dont filter the name fiel that is optional upon registering Link to comment Share on other sites More sharing options...
agentsteal Posted June 7, 2007 Share Posted June 7, 2007 Array: http://www.zwmster.com/define?q[] Array: http://www.zwmster.com/dsc?q[] Array: http://www.zwmster.com/people?q[] Cross Site Scripting: http://www.zwmster.com/?lang="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.zwmster.com/define?q="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.zwmster.com/dsc?q="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.zwmster.com/people?q="><marquee><h1>vulnerable</marquee> Full Path Disclosure: http://www.zwmster.com// Warning: main(../login/login.php) [function.main]: failed to open stream: No such file or directory in /homepages/5/d191754224/htdocs/search/templates/standard/header.html on line 3 Warning: main() [function.include]: Failed opening '../login/login.php' for inclusion (include_path='.:/usr/local/lib/php') in /homepages/5/d191754224/htdocs/search/templates/standard/header.html on line 3 Warning: main(/bin/i.php) [function.main]: failed to open stream: No such file or directory in /homepages/5/d191754224/htdocs/search/search.php on line 159 Warning: main() [function.include]: Failed opening '/bin/i.php' for inclusion (include_path='.:/usr/local/lib/php') in /homepages/5/d191754224/htdocs/search/search.php on line 159 Full Path Disclosure: http://www.zwmster.com/web_s?query[] Link to comment Share on other sites More sharing options...
MikeDXUNL Posted June 8, 2007 Share Posted June 8, 2007 Love the interface. Nice idea. I am sure this is a lot of work to be done on it though? Link to comment Share on other sites More sharing options...
techiefreak05 Posted June 8, 2007 Author Share Posted June 8, 2007 @agentsteal: you love exploiting bugs dont you? ;-) haha thanks alot... any help on fixing these vulnerabilities!?!? Link to comment Share on other sites More sharing options...
Wireless102 Posted June 8, 2007 Share Posted June 8, 2007 @agentsteal: you love exploiting bugs dont you? ;-) haha thanks alot... any help on fixing these vulnerabilities!?!? while this will not fix it all, it will get some of it <?php foreach ($_GET as $sVar => $xValue) { $_GET[$sVar] = addslashes(strip_tags(str_replace('\0', '', $xValue))); } foreach ($_POST as $sVar => $xValue) { $_POST[$sVar] = addslashes(strip_tags(str_replace('\0', '', $xValue))); } foreach ($_COOKIE as $sVar => $xValue) { $_COOKIE[$sVar] = addslashes(strip_tags(str_replace('\0', '', $xValue))); } ?> the best thing to do, that i have found, is only allow what you expect to hear from the $_GET's and such use regular expressions to filter out what you don't want there. I found that code somewhere, i didn't write it. It gave me the idea of how to clear all the XSS out of my project. I am currently rewriting alot of my pages to only allow what i expect to hear get to them. everything else will be ignored. for the file errors find out why it cant open the file, is the file there? is the permissions set right? you can use a @ to not display errors on some calls Link to comment Share on other sites More sharing options...
techiefreak05 Posted June 8, 2007 Author Share Posted June 8, 2007 I fixed the file error.. i just added a rewrite rule that pretty much ignored multiple slashes, like this: http://www.zwmster.com///// any other suggestions would be appreciated! thx agentsteal, for that code, ill try it out later. im at school Link to comment Share on other sites More sharing options...
black.horizons Posted June 14, 2007 Share Posted June 14, 2007 is it me - or does it look like google...only with a change? Link to comment Share on other sites More sharing options...
LiamProductions Posted June 17, 2007 Share Posted June 17, 2007 Great WebMessenger. Link to comment Share on other sites More sharing options...
techiefreak05 Posted June 19, 2007 Author Share Posted June 19, 2007 IF it looks like Google, its a coicidence, not on purpose what so ever. haha Thanks, yes its cool but it still needs a bit of work, and more features to be added, lots of work on everything still to come Link to comment Share on other sites More sharing options...
TheFilmGod Posted June 20, 2007 Share Posted June 20, 2007 what is CROSS SITE SCRIPTING. I keep reading it and I don't know what it is!!! ??? Link to comment Share on other sites More sharing options...
clanstyles Posted June 21, 2007 Share Posted June 21, 2007 Agent, your having to much fun with that lol.. Also nice work it looks great both services. Link to comment Share on other sites More sharing options...
Lumio Posted June 21, 2007 Share Posted June 21, 2007 what is CROSS SITE SCRIPTING. I keep reading it and I don't know what it is!!! ??? http://en.wikipedia.org/wiki/Cross-site_scripting Link to comment Share on other sites More sharing options...
techiefreak05 Posted June 22, 2007 Author Share Posted June 22, 2007 Thanks for the feedback and compliments everyone! and We will continue to appreicate any further feedback. We are also working on another project ;-) Link to comment Share on other sites More sharing options...
speaker219 Posted July 21, 2007 Share Posted July 21, 2007 http://www.zwmster.com/people?q=%22%3E%22%3E%22%3E%3E%3E%3E%3Cscript%3Ealert(1)%3C/script%3E Link to comment Share on other sites More sharing options...
techiefreak05 Posted July 23, 2007 Author Share Posted July 23, 2007 Thanks for that, we'll fix that momentarily. Link to comment Share on other sites More sharing options...
Recommended Posts