djfox Posted November 21, 2007 Share Posted November 21, 2007 http://www.aplaceforpets1.com/product.php?id=14 On my laptop, the image of the hedgehog eating will not load. Looking at the page source, it shows that the image is there and that everything is typed correctly. Does the image appear for anyone else? If so, anyone have any idea why it won`t load? (All other images on other sites load and the other images on that site load. I can`t figure out why the image won`t load on my computer.) Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/ Share on other sites More sharing options...
Coreye Posted November 21, 2007 Share Posted November 21, 2007 I see the image of him eating. Anyways, here are some errors and security vulnerabilities. Full Path Disclosure: Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 35 Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 36 Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 39 Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 40 Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-395616 Share on other sites More sharing options...
djfox Posted November 21, 2007 Author Share Posted November 21, 2007 Huh, those errors weren`t showing up at all. Well, I did a bit of editing there. See if it`s better. Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-395618 Share on other sites More sharing options...
Coreye Posted November 21, 2007 Share Posted November 21, 2007 Cross Site Scripting: On registration you can submit ">code for the email. Cross Site Scripting: On login you can submit ">code for the username. Suntax error http://www.aplaceforpets1.com/category.php?cat=1' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY id DESC' at line 1 All usersnames say "Welcome Back, username" even though it doesn't exist. Full Path Disclosure: http://www.aplaceforpets1.com/product.php?id=a Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 11 Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 12 Cross Site Scripting: http://www.aplaceforpets1.com/category.php?cat=%22%3E%3Cmarquee%3E%3Ch1%3Evulnerable Table: Table 'aplacef3_hamburger.a' doesn't exist. Cross Site Scripting: http://www.aplaceforpets1.com/search.php?q=%3Cmarquee%3E%3Ch1%3Evulnerable&Submit=Search Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-395619 Share on other sites More sharing options...
Coreye Posted November 21, 2007 Share Posted November 21, 2007 The verification email sends the wrong link. It sent; http://www.secrettrance.net/aplaceforpets/verify_me.php?id=1d13679be8f784f15b55496548dedd3c and it should of sent; http://aplaceforpets1.com/verify_me.php?id=1d13679be8f784f15b55496548dedd3c. Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-395627 Share on other sites More sharing options...
djfox Posted November 21, 2007 Author Share Posted November 21, 2007 The verification email sends the wrong link. It sent; http://www.secrettrance.net/aplaceforpets/verify_me.php?id=1d13679be8f784f15b55496548dedd3c and it should of sent; http://aplaceforpets1.com/verify_me.php?id=1d13679be8f784f15b55496548dedd3c. Oh shoot, thanks for letting me know about that. EDIT Ok, that should be fixed now. Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-395628 Share on other sites More sharing options...
Coreye Posted November 21, 2007 Share Posted November 21, 2007 You can make usernames and passwords longer then the set values you have them at. I just registered a really long username. Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-395631 Share on other sites More sharing options...
Coreye Posted November 21, 2007 Share Posted November 21, 2007 To fix the image try this; <img src='http://www.aplaceforpets1.com/upload/leah_eating.jpg' alt='leah_eating' border='0' /> Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-395640 Share on other sites More sharing options...
djfox Posted November 21, 2007 Author Share Posted November 21, 2007 To fix the image try this; <img src='http://www.aplaceforpets1.com/upload/leah_eating.jpg' alt='leah_eating' border='0' /> It pulls the image info from a database. Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-395671 Share on other sites More sharing options...
agentsteal Posted November 21, 2007 Share Posted November 21, 2007 Array: http://www.aplaceforpets1.com/category.php?cat[] Array: http://www.aplaceforpets1.com/search.php?q[] Array: http://www.aplaceforpets1.com/thumbnail.php?img[] Cross Site Scripting: http://www.aplaceforpets1.com/category.php?cat=<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.aplaceforpets1.com/search.php?q=<marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code. Directory Transversal: http://www.aplaceforpets1.com/thumbnail.php?img=../public_html/puppy/leah.jpg Drop Down Menu: If you edit the drop down menu on the category page you can submit arbitrary values. Full Path Disclosure: http://www.aplaceforpets1.com/category.php?offseta[] <a href="category.php?cat=-1&offseta= Fatal error: Unsupported operand types in /home/aplacef3/public_html/category.php on line 70 Full Path Disclosure: http://www.aplaceforpets1.com/page.php Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/page.php on line 11 Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/page.php on line 12 Full Path Disclosure: http://www.aplaceforpets1.com/product.php Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 11 Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/aplacef3/public_html/product.php on line 12 Warning: Division by zero in /home/aplacef3/public_html/product.php on line 49 Full Path Disclosure: http://www.aplaceforpets1.com/products.php?browse[] <a href="products.php?browse= Fatal error: Unsupported operand types in /home/aplacef3/public_html/products.php on line 55 Full Path Disclosure: http://www.aplaceforpets1.com/thumbnail.php Warning: Division by zero in /home/aplacef3/public_html/thumbnail.php on line 10 Warning: imagecreatetruecolor() [function.imagecreatetruecolor]: Invalid image dimensions in /home/aplacef3/public_html/thumbnail.php on line 14 Warning: imagecopyresized(): supplied argument is not a valid Image resource in /home/aplacef3/public_html/thumbnail.php on line 17 Warning: imagejpeg(): supplied argument is not a valid Image resource in /home/aplacef3/public_html/thumbnail.php on line 19 SQL Error: http://www.aplaceforpets1.com/category.php?cat=' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY id DESC' at line 1 SQL Injection: http://www.aplaceforpets1.com/category.php?cat=1 OR 1=1 http://www.aplaceforpets1.com/category.php?cat=1 OR 1=2 SQL Injection: http://www.aplaceforpets1.com/page.php?id=11 AND 1=1 http://www.aplaceforpets1.com/page.php?id=11 AND 1=2 SQL Injection: http://www.aplaceforpets1.com/product.php?id=14 AND 1=1 http://www.aplaceforpets1.com/product.php?id=14 AND 1=2 User Enumeration: http://www.aplaceforpets1.com/~aplacef3 User Enumeration: http://www.aplaceforpets1.com/~root Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-395681 Share on other sites More sharing options...
phpSensei Posted November 23, 2007 Share Posted November 23, 2007 didnt check if anyone posted Sql Injection vulnerable http://www.aplaceforpets1.com/search.php?q=<marquee><h1>PWNED%20"he%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerable%20<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>"hello"vulnerable%20"hello"vulnerable%20"hello"vulnerablello"vulnerable Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-397150 Share on other sites More sharing options...
helraizer Posted November 23, 2007 Share Posted November 23, 2007 Login Failed. Username or password is incorrect. Try again.Welcome Back, helraizer! Logout What the heck? You put an invalid username and password in and it gives you the option to logout? How do you log out if you haven't logged in? Link to comment https://forums.phpfreaks.com/topic/78174-can-i-get-some-testers-for-this/#findComment-397454 Share on other sites More sharing options...
Recommended Posts