SoireeExtreme Posted October 25, 2007 Share Posted October 25, 2007 http://alliedcreed.co.nr/ Hi, I'm a bit unsure about doing this. But hey... I know my site is probably not that secure and has lots of flaws. Plus I know somethings still need to be constructed. But for the time being I'd like to know what others have to say from whatever tests you all feel the need and want to do to my site... Allied Creed is a text based game. If you need to know more details be let me know. I'd be more then happy to tell you so it will help you run tests or whatever it is you do so you can inform me with your remarks. Thanks you... Link to comment Share on other sites More sharing options...
agentsteal Posted October 25, 2007 Share Posted October 25, 2007 Cross Site Scripting: There is Cross Site Scripting on http://alliedcreed.awardspace.com/bank/bank.php if the withdraw field contains code. Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. DOS: http://alliedcreed.awardspace.com/players.php/ DOS: http://alliedcreed.awardspace.com/test.php/ DOS: http://alliedcreed.awardspace.com/town.php/ DOS: http://alliedcreed.awardspace.com/updates.php/ Full Path Disclosure: http://alliedcreed.awardspace.com/forum/acforum.php Warning: mysql_connect(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /home/www/alliedcreed.awardspace.com/forum/connect.php on line 4 Full Path Disclosure: http://alliedcreed.awardspace.com/forum/bsforum.php Warning: mysql_connect(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /home/www/alliedcreed.awardspace.com/forum/connect.php on line 4 Full Path Disclosure: http://alliedcreed.awardspace.com/forum/connect.php Warning: mysql_connect(): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) in /home/www/alliedcreed.awardspace.com/forum/connect.php on line 4 Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value. Warning: session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /home/www/alliedcreed.awardspace.com/authenticate.php on line 2 Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/www/alliedcreed.awardspace.com/authenticate.php:2) in /home/www/alliedcreed.awardspace.com/authenticate.php on line 2 Warning: Unknown(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0 Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0 User Enumeration: http://alliedcreed.co.nr/~nobody User Enumeration: http://alliedcreed.co.nr/~root Link to comment Share on other sites More sharing options...
Recommended Posts