siwelis Posted June 18, 2007

Up until I started this website, all I used PHP for was the useful "include." I thought it was amazing at the time. Now, after doing the new version of my site (making it so I don't have to spend over an hour to add a news story), I've learned I've still just scratched the surface of PHP (SQL too).

If you can let me know what you think of my new site... http://www.chexed.com/intest.php

I'd really appreciate it! Also, please let me know if you find any security holes as well... Thank you!

siwelis (Author) Posted June 18, 2007

Holy Crap, it looks like the DNS servers updated in less than 20 minutes... Usually it takes like 2 days, I didn't want it to happen this fast, for once! lol... http://chexed.com/

In case it hasn't propagated for you yet, it should look like the image I attached to this post...

Special thanks to this post for the screen shot: http://www.phpfreaks.com/forums/index.php/topic,127228.0.html

[attachment deleted by admin]

agentsteal Posted June 18, 2007

Cross Site Scripting: http://www.chexed.com/cart.php/"><marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.chexed.com/cgi-sys/scgiwrap/<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.chexed.com/products.php/"><marquee><h1>vulnerable</marquee>
Full Path Disclosure: http://www.chexed.com/cgi-sys/scgiwrap/
User Enumeration: http://www.chexed.com/~root

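Added example, not part of any post in this thread and not the site's code: URLs like the cart.php and products.php ones above usually reflect when a page writes its own request path into HTML without encoding. The sketch assumes that cause (the thread does not show the site's source); the `$server` array, its values and the function names are constructed for illustration.

```php
<?php
// Encode a value for use inside a quoted HTML attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed vulnerable pattern: PHP_SELF carries whatever the client appended
// after the script name, and it is written into the page raw.
function form_open_unsafe(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened: SCRIPT_NAME excludes the trailing path info, and the value is
// still encoded for the attribute context before output.
function form_open_safe(array $server): string
{
    return '<form method="post" action="' . attr($server['SCRIPT_NAME']) . '">';
}

// Stricter option: treat any extra path info as a bad request, so pages
// that never use it return 404 instead of rendering.
function has_unexpected_path_info(array $server): bool
{
    return isset($server['PATH_INFO']) && $server['PATH_INFO'] !== '';
}

// Constructed stand-in for $_SERVER on a request with markup in the path.
$server = [
    'SCRIPT_NAME' => '/cart.php',
    'PATH_INFO'   => '/"><b>injected</b>',
    'PHP_SELF'    => '/cart.php/"><b>injected</b>',
];

// Raw echo: the quote closes the attribute and the markup becomes live HTML.
echo form_open_unsafe($server), "\n";

// Safe variant: only the script name appears in the action attribute.
echo form_open_safe($server), "\n";

// If the full path must be displayed, encoding keeps it inert text.
echo attr($server['PHP_SELF']), "\n";

// Request-level guard for scripts that never expect path info.
echo has_unexpected_path_info($server) ? "respond 404\n" : "continue\n";
```

The scgiwrap URL in the same post is not a PHP page, so this fix applies only to the site's own scripts.
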
siwelis (Author) Posted June 19, 2007

You should block this file. It has Full Path Disclosure and Cross Site Scripting. http://www.chexed.com/cgi-sys/scgiwrap

I can't even find this file... I've tried using mod rewrite on it and it doesn't seem to do anything with it. Anyone know how to find or block access to this file?