ShoeLace1291
Posted June 18, 2007

I just finished my image uploading site and I was wondering if some of you could test it for me? Just make sure that everything works correctly.

http://www.mtechdev.com/imagebase/

Thanks in advance.

agentsteal
Posted June 18, 2007

Admin Access: The password box contains your password.
CAPTCHA: If you submit an invalid CAPTCHA the page displays the solution and the CAPTCHA hasn't expired.
Cross Site Scripting: http://www.mtechdev.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.mtechdev.com/imagebase/image.php?img=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting if your username contains code.
Directory Traversal: http://www.mtechdev.com/imagebase/image.php?img=../images/flag.png
Full Path Disclosure: http://www.mtechdev.com/cgi-sys/scgiwrap/
Full Path Disclosure: http://www.mtechdev.com/imagebase/image.php?img=a
    Warning: getimagesize(uploads/a) [function.getimagesize]: failed to open stream: No such file or directory in /home/mtechdev/public_html/imagebase/image.php on line 52
Full Path Disclosure: http://www.mtechdev.com/imagebase/image.php?img[]
    Warning: getimagesize(uploads/Array) [function.getimagesize]: failed to open stream: No such file or directory in /home/mtechdev/public_html/imagebase/image.php on line 52
If you log in incorrectly the password box contains an md5 of your password.
Multiple users can upload the same filename.
URL Inclusion: http://www.mtechdev.com/imagebase/redirect.php?act=sponsor&url=http://www.google.com/
User Enumeration: http://www.mtechdev.com/~mtechdev

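Added example, not part of the thread and not the site's code: one way image.php could handle the img parameter so that the directory traversal, img[] path disclosure and reflected-markup findings listed above no longer apply. It assumes PHP 8; UPLOAD_DIR, resolve_upload() and render_image_page() are hypothetical names.

```php
<?php
// Added illustration only. UPLOAD_DIR and both function names are assumptions.
const UPLOAD_DIR = __DIR__ . '/uploads';

/**
 * Map a user-supplied image name to a file inside the upload directory,
 * or return null when the request must be refused.
 */
function resolve_upload(mixed $img, string $uploadDir): ?string
{
    // img[] arrives as an array; string-casting it gave "uploads/Array".
    if (!is_string($img)) {
        return null;
    }
    // Allowlist the name: no slashes, no "..", no markup characters.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(?:png|jpe?g|gif)\z/i', $img)) {
        return null;
    }
    // Resolve symlinks and confirm the file is still under the upload root.
    $root = realpath($uploadDir);
    $path = realpath($uploadDir . '/' . $img);
    if ($root === false || $path === false
        || !str_starts_with($path, $root . DIRECTORY_SEPARATOR)) {
        return null;
    }
    // Only now check that it really is an image; @ suppresses the warning
    // that would otherwise carry the server path.
    return @getimagesize($path) === false ? null : $path;
}

function render_image_page(mixed $img, string $uploadDir): string
{
    $path = resolve_upload($img, $uploadDir);
    if ($path === null) {
        http_response_code(404);
        return '<p>Image not found.</p>';   // never echo the raw parameter
    }
    // Escape on output even though the allowlist already passed.
    $name = htmlspecialchars(basename($path), ENT_QUOTES, 'UTF-8');
    return '<img src="uploads/' . $name . '" alt="' . $name . '">';
}

ini_set('display_errors', '0');   // log errors instead of printing paths
ini_set('log_errors', '1');
echo render_image_page($_GET['img'] ?? null, UPLOAD_DIR);
```
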
Lumio
Posted June 18, 2007

Many errors

Warning: Cannot modify header information - headers already sent by (output started at /home/mtechdev/public_html/imagebase/includes/overall_header.inc:7) in /home/mtechdev/public_html/imagebase/login.php on line 42

And why do I get a different password than the one I set?
And I also don't like that the thumbnail is going to shrink to a square.
Hm... I marked one picture as private or something... and I can't see it.