
Some of my projects



http://speaker219.ath.cx:8080/pastebin/paste.php?post=admin.php

 

 

you're opening anything that is there, rfi.

 

I can sign up with "><script>alert(1);</script>

 

and it will xss...

 

 

also, I can include any text file http://speaker219.ath.cx:8080/message/admin.php?hand=admin.php&view=true

 

 

also, sending a message can contain any code.

 

I do not need to register, and I can log in as anyone simply by changing

 

http://speaker219.ath.cx:8080/message/admin.php?hand=source&view=true

 

the value of $_GET['hand'];

 

deleting all from IP I entered 1.1.1.1

 

and I got these errors

 

Warning: file(<?php echo $h; ?>.txt) [function.file]: failed to open stream: No such file or directory in /opt/lampp/htdocs/message/test.php on line 12

 

Warning: Invalid argument supplied for foreach() in /opt/lampp/htdocs/message/test.php on line 20

 

It may be because I tried to change my hand=<?php echo "Shit"; ?> And somehow it fucked it all up.

 

you're using txt files to store the data, :/

 

also, I can register the same id over and over.

 

 

" excuse me 74.******.*****.****** but can you stop trying to hack me ;)"

 

well what the "heck" do you want me to do? let someone else abuse your system?

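A hardened take on the `hand` handling reported in the post above, as an added example (not the site's code and not part of the original post): the handle is taken from the server-side session instead of `$_GET['hand']`, checked against an allowlist before it is used in the `.txt` path, and stored text is escaped on output. `DATA_DIR`, the session key `hand` and the function names are assumptions.

```php
<?php
// Added example; DATA_DIR, the session key and function names are assumptions.
declare(strict_types=1);

const DATA_DIR = __DIR__ . '/data';   // assumed location of the per-user .txt files

// Allowlist: short alphanumeric handles only, so "admin.php", "../x" or a
// string holding PHP or HTML tags can never become part of a file name.
function valid_hand(string $hand): bool
{
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $hand) === 1;
}

// Handle -> mailbox file, or null if rejected or missing
// (so file() and foreach() are never handed a bad argument).
function mailbox_path(string $hand): ?string
{
    $path = DATA_DIR . '/' . $hand . '.txt';
    return (valid_hand($hand) && is_file($path)) ? $path : null;
}

// Registration: fopen mode 'x' fails if the file already exists,
// so the same id cannot be registered twice.
function register_hand(string $hand): bool
{
    $fh = valid_hand($hand) ? @fopen(DATA_DIR . '/' . $hand . '.txt', 'x') : false;
    if ($fh === false) {
        return false;
    }
    fclose($fh);
    return true;
}

session_start();
// Identity comes from the session set at login, never from $_GET['hand'].
$hand = $_SESSION['hand'] ?? '';
$path = is_string($hand) ? mailbox_path($hand) : null;
if ($path === null) {
    http_response_code(403);
    exit('Not logged in.');
}
foreach (file($path, FILE_IGNORE_NEW_LINES) ?: [] as $line) {
    // Escape stored text so markup in a message or handle is displayed, not executed.
    echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```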

  • 3 weeks later...

You may want to test by clicking the button with no code in there....

 

Outputted on IE 7.0.5

----------------------------------------------------------------

Array ( )

 

Your code is:

 

 

 

<a href="/obfuscator/index.php>Obfuscate some more
