
I have finished the first draft of my site and I was hoping to have some members test it for me and report errors and such.

 

My site is a site for garden seed trading with friends. It has quite a few features that need to be tested. The forums have not been added. I have added a "help & howtos" page under the "About" menu; if you need help using the site, you can check this page out for expected outputs for the site. It has help pictures and good information on how the site works. This is just the temp server that I have the site on, and it will be moved to the permanent server after testing. Could you just test for errors and problems in the directory that the site is in and all files and folders within that directory?

 

You can register a user, and please test it out. If you have any suggestions, feel free to offer them here. If you notice any layout issues, I would like to hear about these as well. I am still pretty new to PHP, so I am sure there will be errors/issues, and I thank you for testing it out. If my server is slow, I am sorry; it is pretty crappy and I will be moving the site after testing.

 

http://www.seedswaps.com

 

Thanks.


Cross Site Scripting:

There is Cross Site Scripting on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=seedsofinterest if the Number of Seeds of Interest field contains code.

 

Drop Down Menu:

If you edit the Seed drop down menu on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=fillrequest you can submit arbitrary values.

 

Full Path Disclosure:

There is Full Path Disclosure if you upload an invalid image.

Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: gd-jpeg: JPEG library reports unrecoverable error: in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 207

 

Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: 'uploaded_images/seed_images//1155c83c954a5752bd94b04cbc3f8a54.jpg' is not a valid JPEG file in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 207

 

Warning: imagecopyresampled(): supplied argument is not a valid Image resource in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 208

 

Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: gd-jpeg: JPEG library reports unrecoverable error: in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 256

 

Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: 'uploaded_images/seed_images//1155c83c954a5752bd94b04cbc3f8a54.jpg' is not a valid JPEG file in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 256

 

Warning: imagecopyresampled(): supplied argument is not a valid Image resource in /home/brentmor/public_html/seedswaps/site_pages/includes/processaddseeds.php on line 257

 

Full Path Disclosure:

There is Full Path Disclosure on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=fillrequest if you set the Seed drop down menu to a negative number.

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/brentmor/public_html/seedswaps/site_pages/includes/processtrade.php on line 47

 

User Enumeration:

http://www.brentmorine.com/~brentmor

 

User Enumeration:

http://www.brentmorine.com/~nobody

 

User Enumeration:

http://www.brentmorine.com/~root

 

User Enumeration:

http://www.seedswaps.com/~brentmor

 

User Enumeration:

http://www.seedswaps.com/~nobody

 

User Enumeration:

http://www.seedswaps.com/~root
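A hardened version of the server-side checks the report above calls for, added here as an example and not taken from the seedswaps code: reject non-numeric input before it is reflected, re-check an edited drop-down value against the ids the user was actually offered, and keep GD's warnings (and the server path in them) off the page. Function names, the $allowedIds list and the constructed $post array are assumptions.

```php
<?php
// Added example, not the site's own code: server-side handling for the three
// findings above (XSS via the "Number of Seeds of Interest" field, arbitrary
// values from an edited <select>, and full path disclosure from PHP warnings
// on a bad image upload). Function names and $allowedIds are assumptions.

// Keep PHP warnings out of the page and in the log instead; this alone stops
// the "/home/.../processaddseeds.php on line 207" path from reaching visitors.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Escape anything that came from the request before echoing it back.
function h($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

// The seed count must be a positive integer; a script tag or anything else
// non-numeric is rejected instead of being reflected into the page.
function validateSeedCount($raw) {
    $opts = array('options' => array('min_range' => 1, 'max_range' => 1000));
    $n = filter_var($raw, FILTER_VALIDATE_INT, $opts);
    return $n === false ? null : $n;
}

// A <select> only guides the browser; the server must re-check that the
// submitted seed id is one the user was actually offered. A negative id is
// what reached mysql_fetch_assoc() and produced the processtrade.php warning.
function validateSeedChoice($raw, array $allowedIds) {
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    return ($id !== false && in_array($id, $allowedIds, true)) ? $id : null;
}

// Confirm the upload really is a JPEG before handing it to GD, and test GD's
// return value rather than passing a bad resource on to imagecopyresampled().
function loadJpegOrNull($path) {
    $info = @getimagesize($path);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return null;
    }
    $img = @imagecreatefromjpeg($path);
    return $img === false ? null : $img;
}
// Constructed request values standing in for $_POST:
$post = array('seedcount' => '<script>alert(1)</script>', 'seed' => '-1');
$allowedIds = array(3, 7, 12); // ids that populated the <select> for this user
$count = validateSeedCount($post['seedcount']);
$seed = validateSeedChoice($post['seed'], $allowedIds);
echo $count === null ? 'Please enter a whole number of seeds (1-1000).'
                     : 'You asked for ' . h($count) . ' seeds.';
```

$allowedIds would normally be the id list returned by the same query that built the drop-down, so anything not in it (including a negative number) is rejected before any database lookup runs.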

You can submit arbitrary values by editing the drop down menu on http://www.brentmorine.com/seedswaps/site_pages/index.php?do=fillrequest

 

Fixed

 

Full Path Disclosure if you upload an invalid image:

 

Fixed

 

Full Path Disclosure:

If you request a trade and change the seed to a negative number by editing the drop down menu.

Quote

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/brentmor/public_html/seedswaps/site_pages/includes/processtrade.php on line 47

 

Fixed

I'm not sure what to do about the User Enumeration: some of the links go to "Not Acceptable", some just to "Forbidden", and the others just load the page. I am not sure what it is that I need to fix. Please help!

 

I am also very curious about this.

I hope agentsteal will help us.

from: Neohapsis

You can compile Apache without UserDir, you can totally disable UserDir, or you can enable UserDir only for specific users, e.g.

UserDir public_html
UserDir disabled
UserDir enable 11a

But since most users only have control of their websites through something like cPanel, for the "Remote Username Enumeration Vulnerability" you make a custom 403 error page by copying your 404 error page. This will then seem to generate only 404 errors and will only allow users with valid index pages to be identified.
