Bethrezen Posted October 10, 2007

Hi all,

I was wondering if someone could take a look at my site and check to make sure I'm not leaving any security holes open. Here is a link to the first page of the site:

http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Index.php?page=Section-1-Introduction

I think I'm probably OK, but just to be sure I'd appreciate it if someone would check. I can do without having my hard work wiped out by some malicious individual who happens to take a dislike to my efforts.
agentsteal Posted October 10, 2007

Cross Site Scripting:
http://h1.ripway.com/Bethrezen/demo/phpinfo.php/<marquee><h1>vulnerable</marquee>

Cross Site Scripting:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/index.php/<marquee><h1>vulnerable</marquee>

Cross Site Scripting:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Navigation/footer.php/<marquee><h1>vulnerable</marquee>

Cross Site Scripting:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Navigation/menu.php/<marquee><h1>vulnerable</marquee>

Cross Site Scripting:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/link-switcher.php/<marquee><h1>vulnerable</marquee>

Cross Site Scripting:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/page-switcher.php/<marquee><h1>vulnerable</marquee>

Cross Site Scripting:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/style-switcher.php/<marquee><h1>vulnerable</marquee>

Cross Site Scripting:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/title-switcher.php/<marquee><h1>vulnerable</marquee>

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/phpinfo.php

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/phpinfo.php/a

Warning: Unknown(): Unable to access \\192.168.1.16\webfiles\files\2005-3\275289\demo\phpinfo.php\a in Unknown on line 0
Warning: Unknown(\\192.168.1.16\webfiles\files\2005-3\275289\demo\phpinfo.php\a): failed to open stream: No such file or directory in Unknown on line 0
Warning: (null)(): Failed opening '\\192.168.1.16\webfiles\files\2005-3\275289\demo\phpinfo.php\a' for inclusion (include_path='.;c:\php\includes') in Unknown on line 0

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/index.php/

Warning: main(): open_basedir restriction in effect. File(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo/Switch/title-switcher.php) is not within the allowed path(s): (.) in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 11
Warning: main(Switch/title-switcher.php): failed to open stream: Operation not permitted in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 11
Warning: main(): Failed opening 'Switch/title-switcher.php' for inclusion (include_path='.;c:\php\includes') in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 11
Warning: main(): open_basedir restriction in effect. File(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo/Switch/style-switcher.php) is not within the allowed path(s): (.) in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 15
Warning: main(Switch/style-switcher.php): failed to open stream: Operation not permitted in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 15
Warning: main(): Failed opening 'Switch/style-switcher.php' for inclusion (include_path='.;c:\php\includes') in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 15
Warning: main(): open_basedir restriction in effect. File(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo/Navigation/menu.php) is not within the allowed path(s): (.) in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 26
Warning: main(Navigation/menu.php): failed to open stream: Operation not permitted in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 26
Warning: main(): Failed opening 'Navigation/menu.php' for inclusion (include_path='.;c:\php\includes') in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 26
Warning: main(): open_basedir restriction in effect. File(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo/Switch/page-switcher.php) is not within the allowed path(s): (.) in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 46
Warning: main(Switch/page-switcher.php): failed to open stream: Operation not permitted in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 46
Warning: main(): Failed opening 'Switch/page-switcher.php' for inclusion (include_path='.;c:\php\includes') in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 46
Warning: main(): open_basedir restriction in effect. File(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo/Navigation/footer.php) is not within the allowed path(s): (.) in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 54
Warning: main(Navigation/footer.php): failed to open stream: Operation not permitted in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 54
Warning: main(): Failed opening 'Navigation/footer.php' for inclusion (include_path='.;c:\php\includes') in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php on line 54

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Navigation/footer.php

Warning: main(Switch/link-switcher.php): failed to open stream: No such file or directory in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Navigation\footer.php on line 9
Warning: main(): Failed opening 'Switch/link-switcher.php' for inclusion (include_path='.;c:\php\includes') in \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Navigation\footer.php on line 9

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Navigation/footer.php/a

Warning: Unknown(): Unable to access \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Navigation\footer.php\a in Unknown on line 0
Warning: Unknown(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Navigation\footer.php\a): failed to open stream: No such file or directory in Unknown on line 0
Warning: (null)(): Failed opening '\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Navigation\footer.php\a' for inclusion (include_path='.;c:\php\includes') in Unknown on line 0

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/index.php/a

Warning: Unknown(): Unable to access \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php\a in Unknown on line 0
Warning: Unknown(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php\a): failed to open stream: No such file or directory in Unknown on line 0
Warning: (null)(): Failed opening '\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\index.php\a' for inclusion (include_path='.;c:\php\includes') in Unknown on line 0

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Navigation/menu.php/a

Warning: Unknown(): Unable to access \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Navigation\menu.php\a in Unknown on line 0
Warning: Unknown(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Navigation\menu.php\a): failed to open stream: No such file or directory in Unknown on line 0
Warning: (null)(): Failed opening '\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Navigation\menu.php\a' for inclusion (include_path='.;c:\php\includes') in Unknown on line 0

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/link-switcher.php/a

Warning: Unknown(): Unable to access \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\link-switcher.php\a in Unknown on line 0
Warning: Unknown(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\link-switcher.php\a): failed to open stream: No such file or directory in Unknown on line 0
Warning: (null)(): Failed opening '\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\link-switcher.php\a' for inclusion (include_path='.;c:\php\includes') in Unknown on line 0

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/page-switcher.php/

Warning: Unknown(): Unable to access \\192.168.0.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\page-switcher.php\Index.php in Unknown on line 0
Warning: Unknown(\\192.168.0.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\page-switcher.php\Index.php): failed to open stream: No such file or directory in Unknown on line 0
Warning: (null)(): Failed opening '\\192.168.0.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\page-switcher.php\Index.php' for inclusion (include_path='.;c:\php\includes') in Unknown on line 0

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/style-switcher.php/a

Warning: Unknown(): Unable to access \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\style-switcher.php\a in Unknown on line 0
Warning: Unknown(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\style-switcher.php\a): failed to open stream: No such file or directory in Unknown on line 0
Warning: (null)(): Failed opening '\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\style-switcher.php\a' for inclusion (include_path='.;c:\php\includes') in Unknown on line 0

Full Path Disclosure:
http://h1.ripway.com/Bethrezen/demo/Web-Site-Demo/Switch/title-switcher.php/a

Warning: Unknown(): Unable to access \\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\title-switcher.php\a in Unknown on line 0
Warning: Unknown(\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\title-switcher.php\a): failed to open stream: No such file or directory in Unknown on line 0
Warning: (null)(): Failed opening '\\192.168.1.16\webfiles\files\2005-3\275289\demo\Web-Site-Demo\Switch\title-switcher.php\a' for inclusion (include_path='.;c:\php\includes') in Unknown on line 0
Bethrezen Posted October 11, 2007 (Author)

Hi,

Ouch, OK, wasn't expecting that. Question: what is it that you are doing to get the server to generate these errors that could potentially be used to hack the site I've been building? Also, how do I prevent this sort of thing? Keep in mind this is a free web host, so I don't have server access. And are these things a problem with the server, or my code, or both?
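Added example, not Bethrezen's code (which is not posted in the thread) and not agentsteal's: a PHP page header showing the two fixes the findings above call for. It assumes the pages echo $_SERVER['PHP_SELF'] unescaped into links or form actions, which is the usual reason a URL tail like /index.php/<tag> gets reflected; whatever the site actually echoes, the same escaping applies to it.

```php
<?php
// Added example, not code from the thread. Assumption (not shown in the
// posts): the pages print $_SERVER['PHP_SELF'] into links or form actions.

// Full Path Disclosure: the warnings in the findings above are PHP's own
// error output. On a shared host with no php.ini access, display_errors
// can still be turned off per script; errors then go to the error log
// only, so nothing about \\server\share\... paths reaches the browser.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// Cross Site Scripting: PHP_SELF carries PATH_INFO, so for a request to
// /index.php/<marquee> it contains the <marquee> verbatim.
// Vulnerable pattern, for comparison (do not use):
//     <form action="<?php echo $_SERVER['PHP_SELF']; ?>">
// SCRIPT_NAME stops at the script file name, and escaping covers any
// remaining special characters in it.
function safe_self(): string
{
    return htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
}

// Every other request value that is printed into HTML gets the same
// treatment, including the ?page= parameter used by the site's URLs.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$page = isset($_GET['page']) ? $_GET['page'] : 'Section-1-Introduction';
?>
<form action="<?php echo safe_self(); ?>" method="get">
  <input type="hidden" name="page" value="<?php echo h($page); ?>">
</form>
```

A quick check after deploying: request index.php/ and index.php/a again and confirm the response contains no "Warning:" text and no server path.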