avillanu
Posted September 19, 2007

Site: http://www.crawfordresearch.com/arcade/

This is one of my first PHP scripts, so please be forgiving. I would also highly appreciate it if you guys had any suggestions.

Note: I know that users can vote multiple times, I'm working on a solution for this.

Thanks
Alex

avillanu (Author)
Posted September 19, 2007

I forgot to mention that this script will be released for free and help small-time webmasters, so your contribution will help the good of humanity.

agentsteal
Posted September 20, 2007

Cross Site Scripting: http://www.crawfordresearch.com/arcade/search.php?term=<marquee><h1>vulnerable</marquee>

Cross Site Scripting: There is Cross Site Scripting if you submit a search that contains code.

Drop Down Menu: If you edit the Rate drop down menu you can submit arbitrary values.

Full Path Disclosure: http://www.crawfordresearch.com/arcade/category.php
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/crawford/public_html/arcade/category.php on line 32

Full Path Disclosure: http://www.crawfordresearch.com/arcade/search.php?term[]
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/crawford/public_html/arcade/search.php on line 15

Null User: You can register a null username.

User Enumeration: http://www.crawfordresearch.com/~crawford

User Enumeration: http://www.crawfordresearch.com/~root
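
The server-side checks that address the search, rating and null-username findings above, as an added example that is not from the thread or the site's own code. The function names, the `rate` field name, the 1-5 rating range and the length limits are assumptions.

```php
<?php
// Added example, not the site's code. Names, field names and limits are assumptions.
// Send errors to the log, never to the page (stops the path-disclosing warnings).
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// search.php?term[] arrives as an array; accept only a non-empty string.
function read_search_term(array $query): ?string {
    $term = $query['term'] ?? null;
    if (!is_string($term)) {
        return null;
    }
    $term = trim($term);
    return ($term === '' || strlen($term) > 100) ? null : $term;
}

// Encode on output so markup in the term is shown as text, not rendered.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The drop-down only constrains the browser; re-check the value on the server.
function read_rating(array $post): ?int {
    $raw = $post['rate'] ?? null;
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $n = (int) $raw;
    return ($n >= 1 && $n <= 5) ? $n : null;
}

// Reject empty, whitespace-only or otherwise malformed usernames at registration.
function valid_username($name): bool {
    return is_string($name) && preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1;
}

// Constructed sample requests.
$samples = [
    ['term' => '<marquee><h1>vulnerable</marquee>'],
    ['term' => ['']],          // what ?term[] looks like to PHP
    ['term' => 'tetris'],
];
foreach ($samples as $q) {
    $t = read_search_term($q);
    echo $t === null ? "rejected\n" : 'Results for: ' . h($t) . "\n";
}
var_dump(read_rating(['rate' => '9999']), read_rating(['rate' => '4']));
var_dump(valid_username(''), valid_username('alex_01'));
```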