Jump to content

Recommended Posts

When registering you get this error;

Request to MySQL server was not successful

Unknown column 'owner' in 'field list'

 

Syntax Error - SQL Injection

http://www.sheepeep.com/index.php?p='

Request to MySQL server was not successful

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1

 

Full Path Disclosure:

http://www.sheepeep.com/index.php?page=news&date='

(Notice): Undefined offset: 1 /home/sites/sheepeep.com/public_html/news.php Line 36Query string - page=news&date='

 

Full Path Disclosure:

http://www.sheepeep.com/register.php

Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/register.php on line 5

 

Full Path Disclosure:

http://www.sheepeep.com/login.php

Fatal error: Cannot instantiate non-existent class: text_parser in /home/sites/sheepeep.com/public_html/login.php on line 2

 

Full Path Disclosure:

http://www.sheepeep.com/admin.php

Warning: Missing argument 1 for database() in /home/sites/sheepeep.com/public_html/corefunc_mysql.php on line 12

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/sheepeep.com/public_html/corefunc_mysql.php:12) in /home/sites/sheepeep.com/public_html/admin.php on line 17

 

Full Path Disclosure:

http://www.sheepeep.com/usercp.php

Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/usercp.php on line 5

May want to hide; http://www.sheepeep.com/skins.php.

class skin { var $loaded_elements_names = array(); var $loaded_elements; var $site_path; var $skin_name; var $skin_path; var $elements; function count_elements() { return(count($this->loaded_elements_names)); } function get_loaded_elements() { return $this->loaded_elements_names; } function is_loaded($element) { return(!empty($this->loaded_elements[$element]) ? 1 : 0); } function load($element) { if(function_exists($element)) { $this->loaded_elements_names[$this->count_elements()] = $element; $output = $element(); $this->loaded_elements[$element] = $output; return(true); } else { return(false); } } function load_file($file) { include_once($this->skin_path . "/skin_" . $file . ".php"); return(true); } function reload($element) { //Alias, some may wish to use this for clarity purposes return($this->load($element)); } function unload($element) { unset($this->loaded_elements_names[array_search($element, $this->loaded_elements_names)]); unset($this->loaded_elements[$element]); } function loadIfNotLoaded($element) { if(!$this->is_loaded($element)) { $this->load($element); } return(true); } //Good for loading headers and suchlike function load_data($element, $data) { if(function_exists($element)) { $output = $element($data); return($output); } else { return(false); } } function set_skin_details($data) { $this->site_path = $data['SITE_PATH']; $this->skin_path = $data['SITE_PATH'] . "skins/5"; } function skin_css() { return(file_get_contents($this->skin_path . "/skin_css.php")); } }

 

Full Path Disclosure:

http://www.sheepeep.com/pages.php

Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/pages.php on line 5

 

Full Path Disclosure:

http://www.sheepeep.com/mod.php

Fatal error: Cannot instantiate non-existent class: database in /home/sites/sheepeep.com/public_html/mod.php on line 5

 

Full Path Disclosure:

http://www.sheepeep.com/profile.php

Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/profile.php on line 4

 

Syntax Error

http://www.sheepeep.com/index.php?page=profile&id=35

Request to MySQL server was not successful

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM `users` WHERE id='35' LIMIT 1' at line 1

Full Path Disclosure:

http://www.sheepeep.com/comments.php

Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/comments.php on line 5

 

Syntax Error - SQL Injection

Submitting \\\\\\\\ into login fields.

Request to MySQL server was not successful

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\\\\\',users.string)) LIMIT 1' at line 1

Cross Site Scripting:

http://www.sheepeep.com/index.php?p=1'><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.sheepeep.com/index.php?p=4<marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://www.sheepeep.com/index.php?page=news&date=<marquee><h1>vulnerable</marquee>

 

Full Path Disclosure:

http://www.sheepeep.com/admin.php

Warning: Missing argument 1 for database() in /home/sites/sheepeep.com/public_html/corefunc_mysql.php on line 12

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/sheepeep.com/public_html/corefunc_mysql.php:12) in /home/sites/sheepeep.com/public_html/admin.php on line 17

 

Full Path Disclosure:

http://www.sheepeep.com/avatarparse.php

<br />

<b>Parse error</b>:  syntax error, unexpected T_STRING in <b>/home/sites/sheepeep.com/public_html/images/avatars/noav.jpg</b> on line <b>55</b><br />

 

Full Path Disclosure:

http://www.sheepeep.com/avatarparse.php?id=2

Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: gd-jpeg: JPEG library reports unrecoverable error: in /home/sites/sheepeep.com/public_html/avatarparse.php on line 31

 

Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: './images/avatars/.' is not a valid JPEG file in /home/sites/sheepeep.com/public_html/avatarparse.php on line 31

 

Warning: imagesx(): supplied argument is not a valid Image resource in /home/sites/sheepeep.com/public_html/avatarparse.php on line 38

 

Warning: imagesy(): supplied argument is not a valid Image resource in /home/sites/sheepeep.com/public_html/avatarparse.php on line 39

 

Warning: imagejpeg(): supplied argument is not a valid Image resource in /home/sites/sheepeep.com/public_html/avatarparse.php on line 92

 

Warning: imagedestroy(): supplied argument is not a valid Image resource in /home/sites/sheepeep.com/public_html/avatarparse.php on line 93

 

Full Path Disclosure:

http://www.sheepeep.com/comments.php

Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/comments.php on line 5

 

Full Path Disclosure:

http://www.sheepeep.com/index.php?p=4

For administrators

(Notice): Undefined index: date /home/sites/sheepeep.com/public_html/news.php Line 59Query string - p=4

 

Full Path Disclosure:

http://www.sheepeep.com/index.php?p[]

Fatal error: Unsupported operand types in /home/sites/sheepeep.com/public_html/news.php on line 11

 

Full Path Disclosure:

http://www.sheepeep.com/index.php?page[]

For administrators

(Notice): Array to string conversion /home/sites/sheepeep.com/public_html/index.php Line 48Query string - page

 

Full Path Disclosure:

http://www.sheepeep.com/login.php

Fatal error: Cannot instantiate non-existent class: text_parser in /home/sites/sheepeep.com/public_html/login.php on line 2

 

Full Path Disclosure:

http://www.sheepeep.com/mod.php

Fatal error: Cannot instantiate non-existent class: database in /home/sites/sheepeep.com/public_html/mod.php on line 5

 

Full Path Disclosure:

http://www.sheepeep.com/index.php?page=news&date=a

For administrators

(Notice): Undefined offset: 1 /home/sites/sheepeep.com/public_html/news.php Line 36Query string - page=news&date=a

 

Full Path Disclosure:

http://www.sheepeep.com/pages.php

Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/pages.php on line 5

 

Full Path Disclosure:

http://www.sheepeep.com/profile.php

Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/profile.php on line 4

 

Full Path Disclosure:

http://www.sheepeep.com/register.php

Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/register.php on line 5

 

Full Path Disclosure:

http://www.sheepeep.com/usercp.php

Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/usercp.php on line 5

 

SQL Error:

http://www.sheepeep.com/index.php?p=a

Request to MySQL server was not successful

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1

 

SQL Error:

http://www.sheepeep.com/index.php?page=members&p=99999999999999

Request to MySQL server was not successful

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '9.9999999999998E+14, 10' at line 1

 

SQL Error:

http://www.sheepeep.com/index.php?page=profile&id=1

Request to MySQL server was not successful

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM `users` WHERE id='1' LIMIT 1' at line 1

 

SQL Error:

There is an SQL Error if your username contains \\

Request to MySQL server was not successful

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\',users.string)) LIMIT 1' at line 1

 

SQL Error:

There is an SQL Error on http://www.sheepeep.com/admin/ if your password contains \\

Request to MySQL server was not successful

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\',users.string)) LIMIT 1' at line 1

 

SQL Error:

There is an SQL Error on http://www.sheepeep.com/mod/ if your password contains \\

Request to MySQL server was not successful

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\',users.string)) LIMIT 1' at line 1

 

SQL Error:

There is an SQL Error when you register.

Request to MySQL server was not successful

Unknown column 'owner' in 'field list'

  • 6 months later...

"Warning: this topic has not been posted in for at least 30 days.

Unless you're sure you want to reply, please consider starting a new topic. "

 

Yeah, this is worth the bump.

 

Thanks for the reports guys, but finding this guy had absolutely *no* intention of telling me about them. Perhaps next time, rather than getting other people to do his work for him, he could consider trying to break into my site with some real effort.

 

Sorry for bumping the thread (Seriously), but this is simply someone who got in a hissy fit ages back and tried (failed) to get some kind of revenge. Yeah, I'm late in finding it, but it's so sad that it's beyond ridiculous.

 

Suggestion for this forum: If you're going to try and find ways to break into a site, send the results via e-mail? He never succeeded, wouldn't know what to do with it even if you flat out told him how, but jeez...

 

And since apparently petty disputes are fulfilled here, I'm saying no more other than the fact that his website is http://www.helraizer.co.uk, though given that I've apparently one brain more than he has, I'm not going to tell you to explore the site for anything.

 

Thanks,

- A rather annoyed http://www.sheepeep.com/ (Long-since using the domain http://www.arloria.net/) owner.

"Suggestion for this forum: If you're going to try and find ways to break into a site, send the results via e-mail? He never succeeded, wouldn't know what to do with it even if you flat out told him how, but jeez..."

 

Most people read their thread and don't wait 9 months....

 

Also, all of these people found that stuff on their first try...  You think someone else couldn't?

"Most people read their thread and don't wait 9 months..."

 

I think you missed the point of this, being that I didn't ask this /idiot/ (Read: Known script kiddie that couldn't)  to actually do this. I ask you as a serious question how it is "my" thread if I have no knowledge of it, gave no permission for it to be there, and refuse to so much as acknowledge the poster of it in any other situation.

 

So no, most people don't wait nine months. Most people actually know about the thread being posted, which was somewhat the point I was trying to make here.

 

Furthermore, by the time I found this thread, these were all patched as well as a few others. The reason they even existed is because I'm using a self-written, development CMS on what is a semi-production environment. You can point out the stupidity of doing that all you like, but I sure-as-hell wouldn't ask for something like this until I was ready to deal with it.

 

"Also, all of these people found that stuff on their first try...  You think someone else couldn't?"

 

I think he couldn't. He's a known quantity to me that  rips off other peoples' code and claims them as his own. If I was going to theorise what was going on here, I'd say the reason nothing ever came of this is because he wanted something that revealed PHP sources, possibly a file upload issue (That's not an invitation, my site still isn't ready for testing). If you guys had found one, you'd probably have contributed to that.

 

That said, if I *had* asked you to do this, I'd probably have appreciated what you found. As I didn't, however, and some of these had therefore been out in the open for some six months, I'm somewhat aggravated by the whole thing. I know that you guys did what you did because you thought you were doing the right thing, but sadly, you were just trying to feed a troll, and I thought that I should inform you of just what kind of lunacy you were dealing with here.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.