thewooleymammoth Posted October 14, 2007 Share Posted October 14, 2007 www.getyourlinkon.net just updated security for mysql injection so tell me if you can get anything to work, thanks, tell me what you think of the site also, if you feel like cruising. Link to comment Share on other sites More sharing options...
agentsteal Posted October 15, 2007 Share Posted October 15, 2007 Array: http://www.getyourlinkon.net/links.php?type[] Array: http://www.getyourlinkon.net/member.php?user[] Cross Site Scripting: http://www.getyourlinkon.net/links.php?type='><marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. Cross Site Scripting: There is Cross Site Scripting when you add a link if the filename contains code. Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code. Full Path Disclosure: http://www.getyourlinkon.net/test.php Fatal error: Call to undefined function: scandir() in /homepages/8/d218498496/htdocs/test.php on line 3 Link to comment Share on other sites More sharing options...
thewooleymammoth Posted October 15, 2007 Author Share Posted October 15, 2007 There is Cross Site Scripting if you add a link with code in the filename. Full Path Disclosure: http://www.getyourlinkon.net/test.php Fatal error: Call to undefined function: scandir() in /homepages/8/d218498496/htdocs/test.php on line 3 but no one can see the links? and what did you type in to make a filename? in the add a link section? Link to comment Share on other sites More sharing options...
thewooleymammoth Posted October 15, 2007 Author Share Posted October 15, 2007 Your site is vulnerable to Cross Site Scripting through the "Expect" header. Array: http://www.getyourlinkon.net/links.php?type[] Cross Site Scripting: http://www.getyourlinkon.net/links.php?type='><marquee><h1>vulnerable</marquee> i dont understand how you did that? i have it strip_tags(); and str replace it with this... $bad=array("|",".","/","<",">",",",'$',"+","-","=","!","@","#","^","&","(",")","[","]","{","}",";",":","../", "java", "javascript", "script", "\\", "mysql", "query", "MYSQL", "QUERY"); $good=array("","","","","","","","","","","","","","","","","","","","","","","","","","","","", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""); $filtertype=str_replace($bad, $good, $_GET['type']); $type=strip_tags($filtertype); i dont see how that is happening..? Link to comment Share on other sites More sharing options...
thewooleymammoth Posted October 15, 2007 Author Share Posted October 15, 2007 Your site is vulnerable to Cross Site Scripting through the "Expect" header. Array: http://www.getyourlinkon.net/links.php?type[] Cross Site Scripting: http://www.getyourlinkon.net/links.php?type='><marquee><h1>vulnerable</marquee> i dont understand how you did that? i have it strip_tags(); and str replace it with this... $bad=array("|",".","/","<",">",",",'$',"+","-","=","!","@","#","^","&","(",")","[","]","{","}",";",":","../", "java", "javascript", "script", "\\", "mysql", "query", "MYSQL", "QUERY"); $good=array("","","","","","","","","","","","","","","","","","","","","","","","","","","","", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", ""); $filtertype=str_replace($bad, $good, $_GET['type']); $type=strip_tags($filtertype); i dont see how that is happening..? ok wow im an idiot, that is solved now, did anyone get any sql injections through though? Link to comment Share on other sites More sharing options...
Recommended Posts