winmastergames Posted November 28, 2007 Share Posted November 28, 2007 please Test this site for bugs. http://www.winmastergames.com Thanks Link to comment Share on other sites More sharing options...
Coreye Posted November 28, 2007 Share Posted November 28, 2007 Not sure what this is; http://www2.winmastergames.com/test/. http://www2.winmastergames.com/test/login.js Gives password and username. users[0] = new Array("freemusic","aocaocaoc","index2.html"); Link to comment Share on other sites More sharing options...
winmastergames Posted November 28, 2007 Author Share Posted November 28, 2007 damm how can i make that secure?? where did you find the link to that by the way?? Link to comment Share on other sites More sharing options...
Coreye Posted November 28, 2007 Share Posted November 28, 2007 Under links on http://www2.winmastergames.com/arcade/ you have "Winmastergames" but it goes to "http://www2.winmastergames.com/arcade/www2.winmastergames.com". You can send blank messages on the contact form; http://www2.winmastergames.com/arcade/contact.php. Link to comment Share on other sites More sharing options...
winmastergames Posted November 28, 2007 Author Share Posted November 28, 2007 The Contact form you cant send blank ones just tried it it comes up with a message saying you cant send blank messages?? EDIT: doesnt matter found out if you press space the send it sends blank messages Link to comment Share on other sites More sharing options...
Coreye Posted November 28, 2007 Share Posted November 28, 2007 I found http://www2.winmastergames.com/test/ by guessing. http://www2.winmastergames.com/freemusic/login.js users[0] = new Array("dean","1","index2.html"); users[1] = new Array("hayley","1","index2.html"); users[2] = new Array("holly","1","index2.html"); users[3] = new Array("jordan","1","index2.html"); users[4] = new Array("DJ Timy","1","index2.html"); Link to comment Share on other sites More sharing options...
winmastergames Posted November 28, 2007 Author Share Posted November 28, 2007 How can i seecure those .js files Link to comment Share on other sites More sharing options...
agentsteal Posted November 28, 2007 Share Posted November 28, 2007 Admin Access: http://www2.winmastergames.com/freemusic/login.js contains your password. Cross Site Scripting: There is Cross Site Scripting in the avatars. Cross Site Scripting: There is Cross Site Scripting on http://www2.winmastergames.com/bloodscars/website-data/blog/post.php if the fields contain ">code. Drop Down Menu: If you edit the drop down menu on http://www2.winmastergames.com/yonder/ you can submit arbitrary values. Full Path Disclosure: http://www2.winmastergames.com/yonder/?url=youtube.com Warning: ereg() [function.ereg]: REG_EMPTY in C:\xampp\htdocs\yonder\index.php on line 18 You can view the pages in http://www2.winmastergames.com/freemusic/ without logging in if you don't let the pages redirect you. You can view the pages in http://www2.winmastergames.com/freemusic/ without logging in if you set the login cookie to 1. You can view the pages in http://www2.winmastergames.com/test/ without logging in if you don't let the pages redirect you. You can view the pages in http://www2.winmastergames.com/test/ without logging in if you set the login cookie to 1. Link to comment Share on other sites More sharing options...
winmastergames Posted November 28, 2007 Author Share Posted November 28, 2007 Thanks for this trying to fix all this now its going to be one long night for me in New Zealand and can you also delete thoose passwords you found thats violating my User privacy thingey yea they might get a bit SAD LOL Link to comment Share on other sites More sharing options...
winmastergames Posted November 28, 2007 Author Share Posted November 28, 2007 JUST TO TELL YOU THE http://www2.winmastergames.com/test/ is NOTHING its a TEST!!! Link to comment Share on other sites More sharing options...
winmastergames Posted November 28, 2007 Author Share Posted November 28, 2007 Anything else?? Link to comment Share on other sites More sharing options...
Recommended Posts