helraizer Posted November 24, 2007

Hi, my friend wants you to try and find flaws in his site. It seems pretty secure but see what you guys can do.

www.sheepeep.com/

Thanks

Coreye Posted November 24, 2007

When registering you get this error;

    Request to MySQL server was not successful
    Unknown column 'owner' in 'field list'

Syntax Error - SQL Injection
http://www.sheepeep.com/index.php?p='

    Request to MySQL server was not successful
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1

Full Path Disclosure: http://www.sheepeep.com/index.php?page=news&date='

    (Notice): Undefined offset: 1
    /home/sites/sheepeep.com/public_html/news.php
    Line 36
    Query string - page=news&date='

Full Path Disclosure: http://www.sheepeep.com/register.php

    Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/register.php on line 5

Full Path Disclosure: http://www.sheepeep.com/login.php

    Fatal error: Cannot instantiate non-existent class: text_parser in /home/sites/sheepeep.com/public_html/login.php on line 2

Full Path Disclosure: http://www.sheepeep.com/admin.php

    Warning: Missing argument 1 for database() in /home/sites/sheepeep.com/public_html/corefunc_mysql.php on line 12
    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/sheepeep.com/public_html/corefunc_mysql.php:12) in /home/sites/sheepeep.com/public_html/admin.php on line 17

Full Path Disclosure: http://www.sheepeep.com/usercp.php

    Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/usercp.php on line 5

Coreye Posted November 24, 2007

May want to hide; http://www.sheepeep.com/skins.php.

    class skin {
        var $loaded_elements_names = array();
        var $loaded_elements;
        var $site_path;
        var $skin_name;
        var $skin_path;
        var $elements;

        function count_elements() {
            return(count($this->loaded_elements_names));
        }

        function get_loaded_elements() {
            return $this->loaded_elements_names;
        }

        function is_loaded($element) {
            return(!empty($this->loaded_elements[$element]) ? 1 : 0);
        }

        function load($element) {
            if(function_exists($element)) {
                $this->loaded_elements_names[$this->count_elements()] = $element;
                $output = $element();
                $this->loaded_elements[$element] = $output;
                return(true);
            } else {
                return(false);
            }
        }

        function load_file($file) {
            include_once($this->skin_path . "/skin_" . $file . ".php");
            return(true);
        }

        function reload($element) {
            //Alias, some may wish to use this for clarity purposes
            return($this->load($element));
        }

        function unload($element) {
            unset($this->loaded_elements_names[array_search($element, $this->loaded_elements_names)]);
            unset($this->loaded_elements[$element]);
        }

        function loadIfNotLoaded($element) {
            if(!$this->is_loaded($element)) {
                $this->load($element);
            }
            return(true);
        }

        //Good for loading headers and suchlike
        function load_data($element, $data) {
            if(function_exists($element)) {
                $output = $element($data);
                return($output);
            } else {
                return(false);
            }
        }

        function set_skin_details($data) {
            $this->site_path = $data['SITE_PATH'];
            $this->skin_path = $data['SITE_PATH'] . "skins/5";
        }

        function skin_css() {
            return(file_get_contents($this->skin_path . "/skin_css.php"));
        }
    }

Full Path Disclosure: http://www.sheepeep.com/pages.php

    Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/pages.php on line 5

Full Path Disclosure: http://www.sheepeep.com/mod.php

    Fatal error: Cannot instantiate non-existent class: database in /home/sites/sheepeep.com/public_html/mod.php on line 5

Full Path Disclosure: http://www.sheepeep.com/profile.php

    Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/profile.php on line 4

Syntax Error
http://www.sheepeep.com/index.php?page=profile&id=35

    Request to MySQL server was not successful
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM `users` WHERE id='35' LIMIT 1' at line 1

Coreye Posted November 24, 2007

Full Path Disclosure: http://www.sheepeep.com/comments.php

    Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/comments.php on line 5

Syntax Error - SQL Injection
Submitting \\\\\\\\ into login fields.

    Request to MySQL server was not successful
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\\\\\',users.string)) LIMIT 1' at line 1

agentsteal Posted November 24, 2007

Cross Site Scripting: http://www.sheepeep.com/index.php?p=1'><marquee><h1>vulnerable</marquee>

Cross Site Scripting: http://www.sheepeep.com/index.php?p=4<marquee><h1>vulnerable</marquee>

Cross Site Scripting: http://www.sheepeep.com/index.php?page=news&date=<marquee><h1>vulnerable</marquee>

Full Path Disclosure: http://www.sheepeep.com/admin.php

    Warning: Missing argument 1 for database() in /home/sites/sheepeep.com/public_html/corefunc_mysql.php on line 12
    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/sheepeep.com/public_html/corefunc_mysql.php:12) in /home/sites/sheepeep.com/public_html/admin.php on line 17

Full Path Disclosure: http://www.sheepeep.com/avatarparse.php

    <br /> <b>Parse error</b>: syntax error, unexpected T_STRING in <b>/home/sites/sheepeep.com/public_html/images/avatars/noav.jpg</b> on line <b>55</b><br />

Full Path Disclosure: http://www.sheepeep.com/avatarparse.php?id=2

    Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: gd-jpeg: JPEG library reports unrecoverable error: in /home/sites/sheepeep.com/public_html/avatarparse.php on line 31
    Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: './images/avatars/.' is not a valid JPEG file in /home/sites/sheepeep.com/public_html/avatarparse.php on line 31
    Warning: imagesx(): supplied argument is not a valid Image resource in /home/sites/sheepeep.com/public_html/avatarparse.php on line 38
    Warning: imagesy(): supplied argument is not a valid Image resource in /home/sites/sheepeep.com/public_html/avatarparse.php on line 39
    Warning: imagejpeg(): supplied argument is not a valid Image resource in /home/sites/sheepeep.com/public_html/avatarparse.php on line 92
    Warning: imagedestroy(): supplied argument is not a valid Image resource in /home/sites/sheepeep.com/public_html/avatarparse.php on line 93

Full Path Disclosure: http://www.sheepeep.com/comments.php

    Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/comments.php on line 5

Full Path Disclosure: http://www.sheepeep.com/index.php?p=4

    For administrators
    (Notice): Undefined index: date
    /home/sites/sheepeep.com/public_html/news.php
    Line 59
    Query string - p=4

Full Path Disclosure: http://www.sheepeep.com/index.php?p[]

    Fatal error: Unsupported operand types in /home/sites/sheepeep.com/public_html/news.php on line 11

Full Path Disclosure: http://www.sheepeep.com/index.php?page[]

    For administrators
    (Notice): Array to string conversion
    /home/sites/sheepeep.com/public_html/index.php
    Line 48
    Query string - page

Full Path Disclosure: http://www.sheepeep.com/login.php

    Fatal error: Cannot instantiate non-existent class: text_parser in /home/sites/sheepeep.com/public_html/login.php on line 2

Full Path Disclosure: http://www.sheepeep.com/mod.php

    Fatal error: Cannot instantiate non-existent class: database in /home/sites/sheepeep.com/public_html/mod.php on line 5

Full Path Disclosure: http://www.sheepeep.com/index.php?page=news&date=a

    For administrators
    (Notice): Undefined offset: 1
    /home/sites/sheepeep.com/public_html/news.php
    Line 36
    Query string - page=news&date=a

Full Path Disclosure: http://www.sheepeep.com/pages.php

    Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/pages.php on line 5

Full Path Disclosure: http://www.sheepeep.com/profile.php

    Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/profile.php on line 4

Full Path Disclosure: http://www.sheepeep.com/register.php

    Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/register.php on line 5

Full Path Disclosure: http://www.sheepeep.com/usercp.php

    Fatal error: Call to undefined function: set_session_data() in /home/sites/sheepeep.com/public_html/usercp.php on line 5

SQL Error: http://www.sheepeep.com/index.php?p=a

    Request to MySQL server was not successful
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1

SQL Error: http://www.sheepeep.com/index.php?page=members&p=99999999999999

    Request to MySQL server was not successful
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '9.9999999999998E+14, 10' at line 1

SQL Error: http://www.sheepeep.com/index.php?page=profile&id=1

    Request to MySQL server was not successful
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM `users` WHERE id='1' LIMIT 1' at line 1

SQL Error: There is an SQL Error if your username contains \\

    Request to MySQL server was not successful
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\',users.string)) LIMIT 1' at line 1

SQL Error: There is an SQL Error on http://www.sheepeep.com/admin/ if your password contains \\

    Request to MySQL server was not successful
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\',users.string)) LIMIT 1' at line 1

SQL Error: There is an SQL Error on http://www.sheepeep.com/mod/ if your password contains \\

    Request to MySQL server was not successful
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\',users.string)) LIMIT 1' at line 1

SQL Error: There is an SQL Error when you register.

    Request to MySQL server was not successful
    Unknown column 'owner' in 'field list'
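
An added example, not from any post in this thread and not the site's code: one way the pagination, lookup and echo paths behind the reports above could be hardened in PHP. The table layout, the page size of 10, the function names and the in-memory SQLite stand-in database are assumptions.

```php
<?php
// Added example, not the site's code. Assumed: 10 rows per page, a `users`
// table with id/name columns, and an in-memory SQLite database as a stand-in.
ini_set('display_errors', '0');   // keep file paths and SQL text out of responses
ini_set('log_errors', '1');       // details go to the server log instead
const PER_PAGE = 10;

// Page number >= 1. Arrays (p[]), '', 'a', "'" and over-long digit strings
// all fall back to page 1, so the offset is never negative or a float.
function page_from_request(array $query, int $maxPage = 100000): int
{
    $raw = $query['p'] ?? '1';
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 6) {
        return 1;
    }
    return max(1, min((int) $raw, $maxPage));
}

// Values are bound, never concatenated, so quotes and backslashes stay data.
function list_members(PDO $db, int $page): array
{
    $stmt = $db->prepare('SELECT id, name FROM users ORDER BY id LIMIT :n OFFSET :off');
    $stmt->bindValue(':n', PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * PER_PAGE, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

function find_by_name(PDO $db, string $name): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name LIMIT 1');
    $stmt->execute([':name' => $name]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Constructed inputs mirroring the reported requests: p=', p=a, p[], p=99999999999999
foreach ([['p' => "'"], ['p' => 'a'], ['p' => ['x']], ['p' => '99999999999999'], ['p' => '2']] as $q) {
    $page = page_from_request($q);
    printf("page=%d rows=%d\n", $page, count(list_members($db, $page)));
}
var_dump(find_by_name($db, '\\\\'));   // username made of backslashes, as in the report
// Anything echoed back into HTML (the date or p value) is escaped first.
echo htmlspecialchars("<marquee><h1>vulnerable</marquee>", ENT_QUOTES, 'UTF-8'), "\n";
```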

Sheepeep Posted June 19, 2008

"Warning: this topic has not been posted in for at least 30 days. Unless you're sure you want to reply, please consider starting a new topic."

Yeah, this is worth the bump.

Thanks for the reports guys, but finding this guy had absolutely *no* intention of telling me about them. Perhaps next time, rather than getting other people to do his work for him, he could consider trying to break into my site with some real effort.

Sorry for bumping the thread (Seriously), but this is simply someone who got in a hissy fit ages back and tried (failed) to get some kind of revenge. Yeah, I'm late in finding it, but it's so sad that it's beyond ridiculous.

Suggestion for this forum: If you're going to try and find ways to break into a site, send the results via e-mail? He never succeeded, wouldn't know what to do with it even if you flat out told him how, but jeez...

And since apparently petty disputes are fulfilled here, I'm saying no more other than the fact that his website is http://www.helraizer.co.uk, though given that I've apparently one brain more than he has, I'm not going to tell you to explore the site for anything.

Thanks,
- A rather annoyed http://www.sheepeep.com/ (Long-since using the domain http://www.arloria.net/) owner.

corbin Posted June 19, 2008

"Suggestion for this forum: If you're going to try and find ways to break into a site, send the results via e-mail? He never succeeded, wouldn't know what to do with it even if you flat out told him how, but jeez..."

Most people read their thread and don't wait 9 months....

Also, all of these people found that stuff on their first try... You think someone else couldn't?

Sheepeep Posted June 19, 2008

"Most people read their thread and don't wait 9 months..."

I think you missed the point of this, being that I didn't ask this /idiot/ (Read: Known script kiddie that couldn't) to actually do this. I ask you as a serious question how it is "my" thread if I have no knowledge of it, gave no permission for it to be there, and refuse to so much as acknowledge the poster of it in any other situation.

So no, most people don't wait nine months. Most people actually know about the thread being posted, which was somewhat the point I was trying to make here.

Furthermore, by the time I found this thread, these were all patched as well as a few others. The reason they even existed is because I'm using a self-written, development CMS on what is a semi-production environment. You can point out the stupidity of doing that all you like, but I sure-as-hell wouldn't ask for something like this until I was ready to deal with it.

"Also, all of these people found that stuff on their first try... You think someone else couldn't?"

I think he couldn't. He's a known quantity to me that rips off other peoples' code and claims them as his own. If I was going to theorise what was going on here, I'd say the reason nothing ever came of this is because he wanted something that revealed PHP sources, possibly a file upload issue (That's not an invitation, my site still isn't ready for testing). If you guys had found one, you'd probably have contributed to that.

That said, if I *had* asked you to do this, I'd probably have appreciated what you found. As I didn't, however, and some of these had therefore been out in the open for some six months, I'm somewhat aggravated by the whole thing. I know that you guys did what you did because you thought you were doing the right thing, but sadly, you were just trying to feed a troll, and I thought that I should inform you of just what kind of lunacy you were dealing with here.

corbin Posted June 21, 2008

Oh man, I'm sorry.... I didn't compare your name and the OP's name.... I just assumed you were the OP because of the site URL and your username x.x.