Jump to content

Recommended Posts

I was able to send a quote and break the SQL query. 

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's see if I can get posted', '21:56 26th November 2007')' at line 1

 

You may want to use htmlspecialchars

When adding a comment you now get;

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''70.246.145', 'a' ,'aa', 'a', '' at line 1

 

I know... I kinda brokeded it. Working on it though. :D

Cross Site Scripting:

There is Cross Site Scripting if a comment contains code.

 

Full Path Disclosure:

http://www.helraizer.co.uk/count/test.php

Fatal error: Call to undefined function: view_source() in /home/sites/helraizer.co.uk/public_html/count/test.php on line 55

 

Full Path Disclosure:

http://www.helraizer.co.uk/count/test1.php

Notice: Undefined index: username in /home/sites/helraizer.co.uk/public_html/count/test1.php on line 78

 

Notice: Undefined index: email in /home/sites/helraizer.co.uk/public_html/count/test1.php on line 79

 

Notice: Undefined index: comment in /home/sites/helraizer.co.uk/public_html/count/test1.php on line 80

 

Notice: Undefined index: submit in /home/sites/helraizer.co.uk/public_html/count/test1.php on line 82

 

Notice: Undefined index: comment in /home/sites/helraizer.co.uk/public_html/count/test1.php on line 83

Full Path Disclosure:

http://www.helraizer.co.uk/count/test.php

Fatal error: Call to undefined function: view_source() in /home/sites/helraizer.co.uk/public_html/count/test.php on line 55

 

o.o How did you find test.php? Or just a guess? Maybe I should start calling everything obscure names to stop the guessing. :P I have a feeling that should be 'show_source()'..

 

Now, for whatever reason it posts every message blank.. I'll get working on fixing it.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.