Jump to content

Recommended Posts

http://www.aplaceforpets1.com/product.php?id=14

 

On my laptop, the image of the hedgehog eating will not load. Looking at the page source, it shows that the image is there and that everything is typed correctly. Does the image appear for anyone else? If so, anyone have any idea why it won`t load? (All other images on other sites load and the other images on that site load. I can`t figure out why the image won`t load on my computer.)

Link to comment
https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/
Share on other sites

I see the image of him eating. Anyways, here are some errors and security vulnerabilities.

 

Full Path Disclosure:

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 35

 

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 36

 

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 39

 

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 40

 

Cross Site Scripting:

On registration you can submit ">code for the email.

 

Cross Site Scripting:

On login you can submit ">code for the username.

 

Suntax error

http://www.aplaceforpets1.com/category.php?cat=1'

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY id DESC' at line 1

 

All usersnames say "Welcome Back, username" even though it doesn't exist.

 

Full Path Disclosure:

http://www.aplaceforpets1.com/product.php?id=a

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 11

 

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 12

 

Cross Site Scripting:

http://www.aplaceforpets1.com/category.php?cat=%22%3E%3Cmarquee%3E%3Ch1%3Evulnerable

 

Table:

Table 'aplacef3_hamburger.a' doesn't exist.

 

Cross Site Scripting:

http://www.aplaceforpets1.com/search.php?q=%3Cmarquee%3E%3Ch1%3Evulnerable&Submit=Search

 

Oh shoot, thanks for letting me know about that.

 

EDIT

Ok, that should be fixed now.

Array:

http://www.aplaceforpets1.com/category.php?cat[]

 

Array:

http://www.aplaceforpets1.com/search.php?q[]

 

Array:

http://www.aplaceforpets1.com/thumbnail.php?img[]

 

Cross Site Scripting:

http://www.aplaceforpets1.com/category.php?cat=<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.aplaceforpets1.com/search.php?q=<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting when you register if the fields contain code.

 

Directory Transversal:

http://www.aplaceforpets1.com/thumbnail.php?img=../public_html/puppy/leah.jpg

 

Drop Down Menu:

If you edit the drop down menu on the category page you can submit arbitrary values.

 

Full Path Disclosure:

http://www.aplaceforpets1.com/category.php?offseta[]

<a href="category.php?cat=-1&offseta=

Fatal error: Unsupported operand types in /home/aplacef3/public_html/category.php on line 70

 

Full Path Disclosure:

http://www.aplaceforpets1.com/page.php

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/page.php on line 11

 

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/page.php on line 12

 

Full Path Disclosure:

http://www.aplaceforpets1.com/product.php

Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 11

 

Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 12

 

Warning: Division by zero in /home/aplacef3/public_html/product.php on line 49

 

Full Path Disclosure:

http://www.aplaceforpets1.com/products.php?browse[]

<a href="products.php?browse=

Fatal error: Unsupported operand types in /home/aplacef3/public_html/products.php on line 55

 

Full Path Disclosure:

http://www.aplaceforpets1.com/thumbnail.php

Warning: Division by zero in /home/aplacef3/public_html/thumbnail.php on line 10

 

Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /home/aplacef3/public_html/thumbnail.php on line 14

 

Warning: imagecopyresized(): supplied argument is not a valid Image resource in /home/aplacef3/public_html/thumbnail.php on line 17

 

Warning: imagejpeg(): supplied argument is not a valid Image resource in /home/aplacef3/public_html/thumbnail.php on line 19

 

SQL Error:

http://www.aplaceforpets1.com/category.php?cat='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY id DESC' at line 1

 

SQL Injection:

http://www.aplaceforpets1.com/category.php?cat=1 OR 1=1

http://www.aplaceforpets1.com/category.php?cat=1 OR 1=2

 

SQL Injection:

http://www.aplaceforpets1.com/page.php?id=11 AND 1=1

http://www.aplaceforpets1.com/page.php?id=11 AND 1=2

 

SQL Injection:

http://www.aplaceforpets1.com/product.php?id=14 AND 1=1

http://www.aplaceforpets1.com/product.php?id=14 AND 1=2

 

User Enumeration:

http://www.aplaceforpets1.com/~aplacef3

 

User Enumeration:

http://www.aplaceforpets1.com/~root

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.