anujgarg
Posted November 26, 2007

Hi Guys,

I have just created my site (a small one). Can you please check this and reply if you find some errors? It would be highly appreciated if someone tells me about its look and feel modifications.

Here is the URL: http://anuj-blog.co.nr

TIA

agentsteal
Posted November 26, 2007

Array: http://anuj-blog.co.nr/?page[]

Cross Site Scripting: http://anuj-blog.co.nr/?page=<marquee><h1>vulnerable</marquee>

Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code.

Directory Transversal: http://anuj-blog.co.nr/?page=../themes/doop

DOS: http://anuj-blog.co.nr/?page=../themes/doop

Full Path Disclosure: http://anuj-blog.co.nr/?page

Warning: doop(pages/.html): failed to open stream: No such file or directory in /home/www/anuj-its-me.100webcustomers.com/index.php on line 630
Warning: doop(pages/.html): failed to open stream: No such file or directory in /home/www/anuj-its-me.100webcustomers.com/index.php on line 630
Warning: doop(pages/.html): failed to open stream: No such file or directory in /home/www/anuj-its-me.100webcustomers.com/index.php on line 630
Warning: doop(): Failed opening 'pages/.html' for inclusion (include_path='.:/usr/local/lib/php') in /home/www/anuj-its-me.100webcustomers.com/index.php on line 630

Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.

Warning: session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /home/www/anuj-its-me.100webcustomers.com/index.php on line 2
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/www/anuj-its-me.100webcustomers.com/index.php:2) in /home/www/anuj-its-me.100webcustomers.com/index.php on line 2
Warning: Unknown(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0
Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

Includes Directory: http://anuj-blog.co.nr/pages/

User Enumeration: http://anuj-blog.co.nr/~nobody
User Enumeration: http://anuj-blog.co.nr/~root

anujgarg (Author)
Posted November 27, 2007

Thanks agentsteal.... Can you please tell me how I can prevent my site from Directory Transversal and Cross Site Scripting? Is there anything else which I can save my site from?
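
Added example, not part of the original thread and not the site's own code: one way to handle the ?page= parameter so that the array, path, script-injection and path-disclosure reports above are closed off. It assumes the pages are static fragments stored as pages/<name>.html, as the warnings suggest; resolvePage, e, PAGES_DIR and DEFAULT_PAGE are hypothetical names.

```php
<?php
declare(strict_types=1);

// Assumed layout: one HTML fragment per page in ./pages/, named <page>.html.
const PAGES_DIR = __DIR__ . '/pages';
const DEFAULT_PAGE = 'home';            // hypothetical default page name

// Keep warnings (and the filesystem paths they contain) out of responses.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Map the raw ?page= value to a file inside PAGES_DIR, or null if rejected. */
function resolvePage($raw): ?string
{
    if ($raw === null || $raw === '') {
        $raw = DEFAULT_PAGE;
    }
    // ?page[] arrives as an array; anything that is not a short slug is rejected,
    // which also excludes "/", "." and markup characters.
    if (!is_string($raw) || !preg_match('/\A[a-z0-9_-]{1,64}\z/', $raw)) {
        return null;
    }
    // Defence in depth: the resolved path must still sit under PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . $raw . '.html');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/** Encode a value for output in HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$file = resolvePage($_GET['page'] ?? null);
if ($file === null) {
    http_response_code(404);
    echo '<p>Page not found.</p>';   // fixed text; the requested name is not echoed
    exit;
}
// Anything derived from the request is encoded at the point of output.
echo '<h1>' . e(basename($file, '.html')) . '</h1>';
readfile($file);   // static fragment: sent as-is, never include()d as PHP
```

The same e() helper applies to every other place where request data (query string, headers, cookies) is written into a page.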