http://www.getyourlinkon.net

Tell me if you find any errors. The first time you go there it takes a minute to load; I have to work with the server people about that... If you know why, please tell me. If you have any ideas or if you find errors, please tell me. Thanks.


Array:

http://www.getyourlinkon.net/allmembers.php?search[]

 

Array:

http://www.getyourlinkon.net/member.php?user[]

 

Array:

http://www.getyourlinkon.net/viewrequest.php?title[]

 

Cross Site Scripting:

http://www.getyourlinkon.net/member.php?user=../request/agentsteal

 

Cross Site Scripting:

There is Cross Site Scripting if the auth cookie contains code.

 

Cross Site Scripting:

There is Cross Site Scripting if the Expect header contains code.

 

Cross Site Scripting:

There is Cross Site Scripting on the Links page if the fields contain 'code.

 

Cross Site Scripting:

There is Cross Site Scripting on the Request a Link page if the fields contain 'code.

 

Cross Site Scripting:

There is Cross Site Scripting when you register if the fields contain 'code.

 

Directory Traversal:

http://www.getyourlinkon.net/member.php?user=../request/agentsteal

 

Directory Traversal:

You can make txt files in any directory by registering with the username set to ../filename.

 

Directory Traversal:

You can make txt files in any directory by requesting a link with the title set to ../filename.

 

Full Path Disclosure:

http://www.getyourlinkon.net/test.php

Fatal error: Call to undefined function: scandir() in /homepages/8/d218498496/htdocs/test.php on line 3

 

Insecure Cookie:

You shouldn't put the username in the cookie.

 

PHP Source Code Disclosure:

http://www.getyourlinkon.net/

<?php
echo "<html>
<META HTTP-EQUIV='Refresh'
      CONTENT='5; URL=index.php'>
</html>";
?>

 

You can log in as any user by setting the auth cookie to their username.

 

You can make txt files in http://www.getyourlinkon.net/members/ by registering with the username set to the filename.

 

You can make txt files in http://www.getyourlinkon.net/request/ by requesting a link with the title set to the filename.

Responcible -> Responsible.

 

If you fill in the reg form incorrectly, it leads you to a blank white page with the error.... Perhaps have it show the form below the error or something.  (Just personal preference)

 

If you put a quote into a profile field (well... I tested single quote actually), it's escaping it. \'

 

You should never expect anything client side to be correct....

 

You're sending the file name to the client as a hidden field on the edit profile page, and that's editable.  If I was in a mean mood, I might try to replace your index.php ;p.

 

Consider keeping the username in a session variable and then using that for the file name, not something sent to the client side and then sent back.

 

I see that the topic is solved, so maybe you're working on this stuff, but I just thought you should know ;p.
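
The fixes suggested in this thread (take the identity from the session, never build a file name from client input, escape on output), sketched as an added example that is not part of the original posts or the site's code. It assumes profiles are stored as `<members dir>/<username>.txt`; the function names and the temp directory are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not the site's own code.

// Allow-list the username: letters, digits, underscore, 3-20 characters.
// Arrays (user[]), "../" sequences and markup all fail this check.
function valid_username($name): bool {
    return is_string($name)
        && preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $name) === 1;
}

// The logged-in user comes from server-side session data only,
// never from a cookie value or a hidden form field.
function current_user(array $session): ?string {
    $u = $session['username'] ?? null;
    return valid_username($u) ? $u : null;
}

// Build the profile path from a validated name and confirm that the
// result is still directly inside the members directory.
function member_file(string $baseDir, $name): ?string {
    $base = realpath($baseDir);
    if ($base === false || !valid_username($name)) {
        return null;
    }
    $path = $base . DIRECTORY_SEPARATOR . $name . '.txt';
    return dirname($path) === $base ? $path : null;
}

// Escape anything user-supplied before it is written into HTML.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo input; the second value is the one reported above.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'members_demo_' . getmypid();
mkdir($dir, 0700);
$inputs = ['alice_01', '../request/agentsteal', ['x'], "<b>bold</b>'"];
foreach ($inputs as $in) {
    $label = is_string($in) ? $in : 'array';
    $result = member_file($dir, $in) === null ? 'rejected' : 'accepted';
    echo h($label), ' => ', $result, "\n";
}
// Simulated $_SESSION contents: a valid name passes, a tampered one does not.
var_dump(current_user(['username' => 'alice_01']));   // string(8) "alice_01"
var_dump(current_user(['username' => '../index']));   // NULL
rmdir($dir);
```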
