Toshiba23 Posted October 24, 2007

www.thirdoctave.com/register.php

Please do whatever you like to it, just need to see if it's secure...

agentsteal Posted October 24, 2007

Cross Site Scripting: There is Cross Site Scripting on the forgot password page if your email address contains code.

Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.

Full Path Disclosure: http://www.thirdoctave.com/page_footer.php
Fatal error: Call to a member function set_file() on a non-object in /home/thirdoct/public_html/page_footer.php on line 3

Full Path Disclosure: http://www.thirdoctave.com/test/test/echo.php
/home/thirdoct/public_html/test/test

Full Path Disclosure: http://www.thirdoctave.com/test/test/test.php
/home/thirdoct/public_html/test/test

Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.
Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/thirdoct/public_html/page_header.php on line 3
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/thirdoct/public_html/page_header.php:3) in /home/thirdoct/public_html/page_header.php on line 3
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/thirdoct/public_html/page_header.php:3) in /home/thirdoct/public_html/page_header.php on line 3

Insecure Cookie: You shouldn't put the password in the cookie.

Insecure Cookie: You shouldn't put the username in the cookie.

User Enumeration: http://www.thirdoctave.com/~root

User Enumeration: http://www.thirdoctave.com/~thirdoct

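
One way to close several of the findings listed in the post above, shown as an added example that is not part of the thread or the site's own code. The names `IN_SITE`, `start_session_safely()`, `e()`, `login_user()` and the `email` form field are assumptions made for illustration.

```php
<?php
// Added example: not thirdoctave.com's code. IN_SITE, e(), login_user() and
// the "email" field name are assumptions made for illustration.

// Full path disclosure: keep PHP warnings out of the response, log them instead.
// (Set these in php.ini on a live site so startup errors are covered too.)
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Include-only files (page_header.php, page_footer.php) can start with
//   if (!defined('IN_SITE')) { http_response_code(404); exit; }
// so a direct request never reaches code that expects the caller's objects.
define('IN_SITE', true);

// Invalid PHPSESSID: replace a malformed id before session_start() sees it.
// The character set is the one named in the warning quoted in the report.
function start_session_safely(): void
{
    $name = session_name();
    $sent = $_COOKIE[$name] ?? null;
    if ($sent !== null && (!is_string($sent) || !preg_match('/\A[A-Za-z0-9,-]+\z/', $sent))) {
        session_id(session_create_id());   // discard the client-supplied value
    }
    ini_set('session.cookie_httponly', '1');
    session_start();
}

// XSS in the register and forgot-password forms: encode on output, so a value
// such as ">code is rendered as text instead of closing the attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Insecure cookie: keep identity server-side; the browser holds only the session id.
function login_user(int $userId): void
{
    session_regenerate_id(true);   // new id after the privilege change
    $_SESSION['user_id'] = $userId;
}

start_session_safely();
$email = isset($_POST['email']) && is_string($_POST['email']) ? $_POST['email'] : '';
echo '<input type="text" name="email" value="' . e($email) . '">';
```
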
Toshiba23 (Author) Posted October 26, 2007

What is bad about path disclosure?

Guardian-Mage Posted October 27, 2007

Hackers who don't like you or just want to be a$$holes can use a Full Path Disclosure to cause all sorts of havoc with your webserver, and if you are on a shared server it could get you in a lot of trouble.