Jump to content

Recommended Posts

Array:

http://www.getyourlinkon.net/links.php?type[]

 

Array:

http://www.getyourlinkon.net/member.php?user[]

 

Cross Site Scripting:

http://www.getyourlinkon.net/links.php?type='><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting if the Expect header contains code.

 

Cross Site Scripting:

There is Cross Site Scripting when you add a link if the filename contains code.

 

Cross Site Scripting:

There is Cross Site Scripting when you register if the fields contain code.

 

Full Path Disclosure:

http://www.getyourlinkon.net/test.php

Fatal error: Call to undefined function: scandir() in /homepages/8/d218498496/htdocs/test.php on line 3

There is Cross Site Scripting if you add a link with code in the filename.

 

Full Path Disclosure:

http://www.getyourlinkon.net/test.php

Fatal error: Call to undefined function: scandir() in /homepages/8/d218498496/htdocs/test.php on line 3

 

 

but no one can see the links? and what did you type in to make a filename? in the add a link section?

Your site is vulnerable to Cross Site Scripting through the "Expect" header.

 

Array:

http://www.getyourlinkon.net/links.php?type[]

 

Cross Site Scripting:

http://www.getyourlinkon.net/links.php?type='><marquee><h1>vulnerable</marquee>

 

i dont understand how  you did that? i have it strip_tags(); and str replace it with this...

 

$bad=array("|",".","/","<",">",",",'$',"+","-","=","!","@","#","^","&","(",")","[","]","{","}",";",":","../", "java", "javascript", "script", "\\", "mysql", "query", "MYSQL", "QUERY");
$good=array("","","","","","","","","","","","","","","","","","","","","","","","","","","","", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "");
$filtertype=str_replace($bad, $good, $_GET['type']);
$type=strip_tags($filtertype);

 

i dont see how that is happening..?

 

 

 

 

 

Your site is vulnerable to Cross Site Scripting through the "Expect" header.

 

Array:

http://www.getyourlinkon.net/links.php?type[]

 

Cross Site Scripting:

http://www.getyourlinkon.net/links.php?type='><marquee><h1>vulnerable</marquee>

 

i dont understand how  you did that? i have it strip_tags(); and str replace it with this...

 

$bad=array("|",".","/","<",">",",",'$',"+","-","=","!","@","#","^","&","(",")","[","]","{","}",";",":","../", "java", "javascript", "script", "\\", "mysql", "query", "MYSQL", "QUERY");
$good=array("","","","","","","","","","","","","","","","","","","","","","","","","","","","", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "", "");
$filtertype=str_replace($bad, $good, $_GET['type']);
$type=strip_tags($filtertype);

 

i dont see how that is happening..?

 

 

 

 

 

 

 

ok wow im an idiot, that is solved now, did anyone get any sql injections through though?

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.