
Site:

 

http://www.crawfordresearch.com/arcade/

 

This is one of my first PHP scripts, so please be forgiving. I would also highly appreciate it if you guys had any suggestions.

 

Note: I know that users can vote multiple times; I'm working on a solution for this.

 

Thanks

 

Alex

Cross Site Scripting:

http://www.crawfordresearch.com/arcade/search.php?term=<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting if you submit a search that contains code.

 

Drop Down Menu:

If you edit the Rate drop down menu you can submit arbitrary values.

 

Full Path Disclosure:

http://www.crawfordresearch.com/arcade/category.php

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/crawford/public_html/arcade/category.php on line 32

 

Full Path Disclosure:

http://www.crawfordresearch.com/arcade/search.php?term[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/crawford/public_html/arcade/search.php on line 15

 

Null User:

You can register a null username.

 

User Enumeration:

http://www.crawfordresearch.com/~crawford

 

User Enumeration:

http://www.crawfordresearch.com/~root
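
Server-side handling for the search, rating, username and path-disclosure reports above, as an added example that is not part of the original posts or the site's own code. The function names, the 1-5 rating range and the username pattern are assumptions, and it targets PHP 7.1 or later.

```php
<?php
// Added example (PHP 7.1+); names, the 1-5 range and the username pattern are assumptions.
ini_set('display_errors', '0'); // keep warnings, and their file paths, out of responses
ini_set('log_errors', '1');     // record them in the server log instead

// Search term as a string, or null when missing or not a string (search.php?term[] sends an array).
function get_search_term(array $query): ?string
{
    if (!isset($query['term']) || !is_string($query['term'])) {
        return null;
    }
    $term = trim($query['term']);
    return $term === '' ? null : $term;
}

// Escape user input for HTML before echoing it back in the results page.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only whole-number ratings in range, whatever the drop-down offered client-side.
function parse_rating($raw, int $min = 1, int $max = 5): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $n = (int) $raw;
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Reject empty or whitespace-only usernames at registration.
function valid_username($raw): bool
{
    return is_string($raw) && preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $raw) === 1;
}

// Constructed sample requests mirroring the reports above.
$samples = [
    ['term' => '<marquee><h1>vulnerable</marquee>'],
    ['term' => ['']], // what search.php?term[] delivers
];
foreach ($samples as $q) {
    $term = get_search_term($q);
    echo $term === null ? "Invalid search term\n" : 'Results for: ' . h($term) . "\n";
}
var_dump(parse_rating('3'), parse_rating('9999'), parse_rating(['x']));
var_dump(valid_username(''), valid_username('alex_01'));
```

The checks run on the server for every request, so editing the form in the browser or changing the query string does not bypass them.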
