GamingWarrior Posted November 5, 2007 Share Posted November 5, 2007 Hey Guys I'm hoping to open my site to public beta shortly but don't want a bunch of no lifers to bring it down with sql exploits and what ever other exploits exist. So basic what I'm asking from you guys is to try and find anything that may be used against me after release. Try not to brake anything but i do have a back-up just trying to avoid having to use it. The url is http://themespot.info/ Now go wild -Gaming Warrior Link to comment Share on other sites More sharing options...
php_tom Posted November 5, 2007 Share Posted November 5, 2007 You should handle downloading themes with invalid ids, like this link: http://themespot.info/?page=theme&themeid=-1&download=yes Just spins trying to start download every 3 secs. This could use some work: http://themespot.info/?page=screenshot Link to comment Share on other sites More sharing options...
source Posted November 6, 2007 Share Posted November 6, 2007 http://themespot.info/?page=theme&themeid=%22%3E%3Cmarquee%3Elolz xssssss Link to comment Share on other sites More sharing options...
GamingWarrior Posted November 6, 2007 Author Share Posted November 6, 2007 You should handle downloading themes with invalid ids, like this link: http://themespot.info/?page=theme&themeid=-1&download=yes Just spins trying to start download every 3 secs. This could use some work: http://themespot.info/?page=screenshot Yea, there easy fixes, thanks for the heads up..... http://themespot.info/?page=theme&themeid=%22%3E%3Cmarquee%3Elolz xssssss How can i avoid this? Link to comment Share on other sites More sharing options...
GamingWarrior Posted November 6, 2007 Author Share Posted November 6, 2007 Ok, I think i have patched all the above. Tell me if I'm wrong. Link to comment Share on other sites More sharing options...
agentsteal Posted November 6, 2007 Share Posted November 6, 2007 Array: http://www.themespot.info/blog/article.php?id_art[] Array: http://www.themespot.info/blog/topic.php?id_top[] Cross Site Scripting: http://www.themespot.info/blog/article.php?id_art=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themespot.info/index.php?page=themes&sortorder="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themespot.info/index.php?page=themes&sortby="><marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.themespot.info/blog/topic.php?id_top=<marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting when you upload a theme. Drop Down Menu: If you edit the drop down menus on http://www.themespot.info/index.php?page=themes you can submit arbitrary values. Full Path Disclosure: http://www.themespot.info/~gamerz Warning: fopen(/home/gamerz/public_html/ThemeSpot/1337h0st/log.htm) [function.fopen]: failed to open stream: No such file or directory in /home/gamerz/public_html/index.php on line 27 Warning: fwrite(): supplied argument is not a valid stream resource in /home/gamerz/public_html/index.php on line 28 Warning: fwrite(): supplied argument is not a valid stream resource in /home/gamerz/public_html/index.php on line 29 Warning: fclose(): supplied argument is not a valid stream resource in /home/gamerz/public_html/index.php on line 30 Warning: include(/home/gamerz/public_html/ThemeSpot/home.php) [function.include]: failed to open stream: No such file or directory in /home/gamerz/public_html/index.php on line 65 Warning: include() [function.include]: Failed opening '/home/gamerz/public_html/ThemeSpot/home.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php:/usr/local/lib/php/snoopy') in /home/gamerz/public_html/index.php on line 65 Full Path Disclosure: http://www.themespot.info/Files/ Warning: include(./Files/home.php) [function.include]: failed to open stream: No such file or directory in /home/gamerz/public_html/ThemeSpot/Files/index.php on line 107 Warning: include() [function.include]: Failed opening './Files/home.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php:/usr/local/lib/php/snoopy') in /home/gamerz/public_html/ThemeSpot/Files/index.php on line 107 Full Path Disclosure: http://www.themespot.info/Files/home.php Warning: include(./blog/index.php) [function.include]: failed to open stream: No such file or directory in /home/gamerz/public_html/ThemeSpot/Files/home.php on line 66 Warning: include() [function.include]: Failed opening './blog/index.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php:/usr/local/lib/php/snoopy') in /home/gamerz/public_html/ThemeSpot/Files/home.php on line 66 Full Path Disclosure: http://www.themespot.info/index.php?page=themes&pageno=a Fatal error: Maximum execution time of 30 seconds exceeded in /home/gamerz/public_html/ThemeSpot/Files/themes.php on line 95 SQL Error: http://www.themespot.info/blog/article.php SQL Error: http://www.themespot.info/blog/topic.php SQL Injection: http://www.themespot.info/blog/article.php?id_art=5 AND 1=1 http://www.themespot.info/blog/article.php?id_art=5 AND 1=2 SQL Injection: http://www.themespot.info/blog/topic.php?id_top=2 AND 1=1 http://www.themespot.info/blog/topic.php?id_top=2 AND 1=2 User Enumeration: http://www.themespot.info/~gamerz User Enumeration: http://www.themespot.info/~root Link to comment Share on other sites More sharing options...
php_tom Posted November 6, 2007 Share Posted November 6, 2007 and consequently XSS in http://www.themespot.info/blog/article.php?id_art=%3Cscript%3Ealert(1337357)%3C/script%3E Link to comment Share on other sites More sharing options...
Demonic Posted November 6, 2007 Share Posted November 6, 2007 Try using intval() when getting id's. and do a check if theres more then 1 column/row in the db like it. Link to comment Share on other sites More sharing options...
GamingWarrior Posted November 6, 2007 Author Share Posted November 6, 2007 Thx guys. I have my work cut out for the next couple of days patching these i'll get back to you once i'm done. just a question how did someone manage to upload nothing and have the upload script let you? it should check, did you add it to the tables manually? Link to comment Share on other sites More sharing options...
GamingWarrior Posted November 6, 2007 Author Share Posted November 6, 2007 Lucky for me /blog/article.php is not need anymore so i can just delete it and there go half my problems. Link to comment Share on other sites More sharing options...
GamingWarrior Posted November 7, 2007 Author Share Posted November 7, 2007 User Enumeration: http://www.themespot.info/~root User Enumeration: http://www.themespot.info/~gamerz/ Full Path Disclosure: http://www.themespot.info/~gamerz/ All fixed(i think/hope) bar the the 3 above. I have no clue how to stop this. Could some one link me to some info on how to block the above. Link to comment Share on other sites More sharing options...
Coreye Posted November 7, 2007 Share Posted November 7, 2007 User Enumeration: http://www.themespot.info/~root User Enumeration: http://www.themespot.info/~gamerz/ Full Path Disclosure: http://www.themespot.info/~gamerz/ All fixed(i think/hope) bar the the 3 above. I have no clue how to stop this. Could some one link me to some info on how to block the above. Hey, In httpd.conf, set the 'UserDir' to 'disabled'. Link to comment Share on other sites More sharing options...
Recommended Posts