thekevin07 Posted November 16, 2007
Hi. Could you guys test out this site? Try and break it. If you find anything bad that I haven't been able to find, please let me know. Also no one will email you or bother you if you put in your real info; you can put fake stuff if you want.
http://clickonlinehomes.com
Thanks
thekevin07 (Author) Posted November 16, 2007
Also, if you have any design suggestions please let me know; I'm new to design.
Coreye Posted November 16, 2007
Full Path Disclosure:
Warning: require_once(includes/jsmin-1.1.0.php) [function.require-once]: failed to open stream: No such file or directory in C:\Program Files\xampp\htdocs\clickonlinehomes\images\index.php on line 79
Fatal error: require_once() [function.require]: Failed opening required 'includes/jsmin-1.1.0.php' (include_path='.;C:\Program Files\xampp\php\pear\') in C:\Program Files\xampp\htdocs\clickonlinehomes\images\index.php on line 79
Coreye Posted November 16, 2007
Cross site scripting: http://clickonlinehomes.com/details.php?id=%22%3E%3Cmarquee%3Exss&t=1
thekevin07 (Author) Posted November 16, 2007
Thanks guys, problems fixed. Anything else I forgot?
agentsteal Posted November 16, 2007
Cross Site Scripting: http://www.clickonlinehomes.com/?c=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting on the search page if the drop down menus contain code.
Cross Site Scripting: There is Cross Site Scripting on the save a search page if the drop down menus contain code.
Cross Site Scripting: There is Cross Site Scripting on the My Account page if the fields contain code.
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.
Cross Site Scripting: There is Cross Site Scripting when you save a search if the fields contain code.
Drop Down Menu: If you edit the drop down menus on the search page you can submit arbitrary values.
Insecure Cookie: You shouldn't put the email address in the cookie.
SQL Dump: http://www.clickonlinehomes.com/test.txt
SQL Error: There is an SQL Error on the search page if the drop down menus contain invalid values.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' AND price <= \\\' AND bed >= "\\\'" AND bath >= "\\\'" AND acres >= "\\\'" ' at line 1
You can log in as any user by setting the email cookie to their email address.
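Every finding in the post above comes down to trusting client-supplied values: in the SQL string, in the HTML output, and as the login identity. The following is an added example, not the site's own code, of how a search handler on such a site would close all of them at once. The column names price, bed, bath and acres are taken from the quoted MySQL error; the table name `listings`, the PDO connection string and the option lists are assumptions.

```php
<?php
// Added example, not the site's own code: a hardened version of the search
// handler that addresses the findings above. Column names price/bed/bath/acres
// come from the quoted SQL error; the table name, DSN and option lists are assumed.
declare(strict_types=1);
ini_set('display_errors', '0');   // keep paths out of error pages (full path disclosure)
session_start();                   // identity lives server-side, never in an email cookie
// 1. Drop-down values: accept only the options the form offers (allow-list), so
//    an edited <select> or a quote character never reaches the query or the page.
const OPTIONS = [
    'price_min' => [0, 100000, 200000, 300000],
    'price_max' => [200000, 300000, 500000, 1000000],
    'bed'       => [1, 2, 3, 4, 5],
    'bath'      => [1, 2, 3],
    'acres'     => [0, 1, 5, 10],
];

function pick(string $name, array $allowed): int
{
    // Non-numeric or unlisted input falls back to the first option.
    $v = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT);
    return (is_int($v) && in_array($v, $allowed, true)) ? $v : $allowed[0];
}
$params = [];
foreach (OPTIONS as $name => $allowed) {
    $params[$name] = pick($name, $allowed);
}
// 2. SQL: bound parameters instead of string concatenation, so no user value can
//    change the statement and no MySQL syntax error is produced by input.
$pdo = new PDO('mysql:host=localhost;dbname=homes', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$stmt = $pdo->prepare(
    'SELECT id, address, price FROM listings
      WHERE price >= :price_min AND price <= :price_max
        AND bed >= :bed AND bath >= :bath AND acres >= :acres'
);
$stmt->execute($params);

// 3. Output: escape every value placed into HTML, including the search term
//    echoed back in the page (the ?c=<marquee> finding).
$esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
echo '<p>Results for ', $esc((string)($_GET['c'] ?? '')), '</p>';
foreach ($stmt as $row) {
    echo '<li>', $esc((string)$row['address']), ' - $', (int)$row['price'], '</li>';
}
// 4. Logged-in state comes from the session, set only after a password check.
$loggedIn = isset($_SESSION['user_id']);
```

The same allow-list and escaping apply to the save-a-search, registration and My Account forms listed above, since each of those echoes or stores a field the browser controls.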
Demonic Posted November 17, 2007
> Cross Site Scripting: http://www.clickonlinehomes.com/?c=<marquee><h1>vulnerable
lol that doesn't work rofl, how about he try something like: http://clickonlinehomes.com/?c=<SCRIPT SRC=http://ha.ckers.org/xss.js?<B>
thekevin07 (Author) Posted November 17, 2007
Thanks guys, got a lot of work to do. That isn't the database btw, I actually don't remember what that was for. How did you find that file anyway? Also, how did you manipulate the values of the drop down values? Did you modify the cookie?