Jump to content

Recommended Posts

Cross Site Scripting:

There is Cross Site Scripting on the forgot password page if your email address contains code.

 

Cross Site Scripting:

There is Cross Site Scripting when you register if the fields contain ">code.

 

Full Path Disclosure:

http://www.thirdoctave.com/page_footer.php

Fatal error: Call to a member function set_file() on a non-object in /home/thirdoct/public_html/page_footer.php on line 3

 

Full Path Disclosure:

http://www.thirdoctave.com/test/test/echo.php

/home/thirdoct/public_html/test/test

 

Full Path Disclosure:

http://www.thirdoctave.com/test/test/test.php

/home/thirdoct/public_html/test/test

 

Full Path Disclosure:

There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.

Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/thirdoct/public_html/page_header.php on line 3

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/thirdoct/public_html/page_header.php:3) in /home/thirdoct/public_html/page_header.php on line 3

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/thirdoct/public_html/page_header.php:3) in /home/thirdoct/public_html/page_header.php on line 3

 

Insecure Cookie:

You shouldn't put the password in the cookie.

 

Insecure Cookie:

You shouldn't put the username in the cookie.

 

User Enumeration:

http://www.thirdoctave.com/~root

 

User Enumeration:

http://www.thirdoctave.com/~thirdoct

Link to comment
https://forums.phpfreaks.com/topic/74554-test-register-please/#findComment-377363
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.