Some of my projects

[speaker219]

You could test out

http://speaker219.ath.cx:8080/

Hope its ok to post in this forum, but there are actually things to beta test there

[trq]

Connection refused.

[source]

http://speaker219.ath.cx:8080/message/admin.php?hand=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

xss

[source]

http://speaker219.ath.cx:8080/pastebin/paste.php?post=admin.php

 

 

you're opening anything that is there, rfi.

 

I can sign up with "><script>alert(1);</script>

 

and it will xss...

 

 

also, I can include any text file http://speaker219.ath.cx:8080/message/admin.php?hand=admin.php&view=true

 

 

also, sending a message can contain anycode.

 

I do not need to register, and I can login as anyone simply by changing

 

http://speaker219.ath.cx:8080/message/admin.php?hand=source&view=true

 

the value of $_GET['hand'];

 

deleting all from IP I entered 1.1.1.1

 

and I got these errors

 

Warning: file(<?php echo $h; ?>.txt) [function.file]: failed to open stream: No such file or directory in /opt/lampp/htdocs/message/test.php on line 12

 

Warning: Invalid argument supplied for foreach() in /opt/lampp/htdocs/message/test.php on line 20

 

It may be because I tried to change my hand=<?php echo "Shit"; ?> And somehow it fucked it all up.

 

you're using txt files to store the data, :/

 

also,i can registere the same id over and over.

 

 

" excuse me 74.******.*****.****** but can you stop trying to hack me "

 

well what the "heck" do you want me to do? let someone else abuse your system?

[LiamProductions]

The site link you provided does not work.

[Killmenow]

You may want to test by clicking the button with no code in there....

 

Outputed on IE 7.0.5

----------------------------------------------------------------

Array ( )

 

Your code is:

 

 

 

<a href="/obfuscator/index.php>Obfuscate some more