Jump to content

[SOLVED] sites up and ready for security test two...

thewooleymammoth
 Share

Recommended Posts

agentsteal Newbie

agentsteal

Posted
Posted

Array:

http://www.getyourlinkon.net/member.php?user[]

 

Array:

http://www.getyourlinkon.net/viewrequest.php?title[]

 

Cross Site Scripting:

There is Cross Site Scripting if the Expect header contains code.

 

Cross Site Scripting:

There is Cross Site Scripting on the Links page if the fields contain 'code.

 

Cross Site Scripting:

There is Cross Site Scripting when you register if the fields contain code.

 

Directory Transversal:

http://www.getyourlinkon.net/member.php?user=../request/agentsteal

 

Directory Transversal:

You can make txt files in any directory by registering with the username set to ../filename.

 

Directory Transversal:

You can make txt files in any directory by requesting a link with the title set to ../filename.

 

Full Path Disclosure:

http://www.getyourlinkon.net/test.php

Fatal error: Call to undefined function: scandir() in /homepages/8/d218498496/htdocs/test.php on line 3

 

Insecure Cookie:

You shouldn't put the username in the cookie.

 

You can log in as any user by setting the auth cookie to their username.

 

You can make txt files in http://www.getyourlinkon.net/members/ by registering with the username set to the filename.

 

You can make txt files in http://www.getyourlinkon.net/request/ by requesting a link with the title set to the filename.

Link to comment
Share on other sites
php_tom Newbie

php_tom

Posted
Posted

how do i disable java script?

 

Easiest thing might be to check the URL when the user submits it. Something like:

<?php
if(@file_get_contents("http://theURLtheyEntered.com")!="") echo "OK!"; else echo "BAD!";
?>

Link to comment
Share on other sites
thewooleymammoth Advanced Member

thewooleymammoth

Posted
  • Author
Posted

how do i disable java script?

 

Easiest thing might be to check the URL when the user submits it. Something like:

<?php
if(@file_get_contents("http://theURLtheyEntered.com")!="") echo "OK!"; else echo "BAD!";
?>

 

 

oh so what that does is checks to see if the page they submitted exists...? wow thats a good idea. thanks

 

Link to comment
Share on other sites
php_tom Newbie

php_tom

Posted
Posted

how do i disable java script?

 

Easiest thing might be to check the URL when the user submits it. Something like:

<?php
if(@file_get_contents("http://theURLtheyEntered.com")!="") echo "OK!"; else echo "BAD!";
?>

 

Great, except that now if the link doesn't exist, it adds a blank link to the list. You should probably fix that.

 

oh so what that does is checks to see if the page they submitted exists...? wow thats a good idea. thanks

 

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.