eXeCuTeR (Author), posted November 28, 2007

toxic.local-host.co.il

I secured this forum. Try to hack it.

Coreye, posted November 28, 2007

Full Path Disclosure when you visit toxic.local-host.co.il.

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 94

helraizer, posted November 28, 2007

Dude, something happened there.

http://toxic.local-host.co.il/index.php?act[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 343
Warning: preg_match() expects parameter 2 to be string, array given in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 346
Warning: preg_match() expects parameter 2 to be string, array given in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 354
Warning: preg_match() expects parameter 2 to be string, array given in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 362
Warning: preg_match() expects parameter 2 to be string, array given in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 370
Warning: Illegal offset type in /home/toxic14/domains/toxic.local-host.co.il/public_html/index.php on line 370

eXeCuTeR (Author), posted November 28, 2007

It's alright now, I tested some stuff.

helraizer, posted November 28, 2007

> It's alright now, I tested some stuff.

http://toxic.local-host.co.il/index.php?act[] - copy and paste that into your browser - it still comes up with the errors.

Sam

agentsteal, posted November 28, 2007

Full Path Disclosure:

http://toxic.local-host.co.il/index.php?a[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 353
Warning: preg_match() expects parameter 2 to be string, array given in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 356
Warning: preg_match() expects parameter 2 to be string, array given in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 364
Warning: preg_match() expects parameter 2 to be string, array given in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 372
Warning: preg_match() expects parameter 2 to be string, array given in /home/toxic14/domains/toxic.local-host.co.il/public_html/genosecurity/geno.php on line 380
Warning: Illegal offset type in /home/toxic14/domains/toxic.local-host.co.il/public_html/index.php on line 370

Azu, posted November 29, 2007

Don't even need the /index.php lol

toxic.local-host.co.il?a[]

And in case you don't know why stuff like this is a problem.. well at the very least it's buggy/annoying, and it could potentially be a huge security problem.

It's immediately obvious from the errors that your username is probably toxic14.. or maybe genosecurity. Knowing this will make a brute force login attack much easier/faster, for starters.

eXeCuTeR (Author), posted November 29, 2007

How could I secure this?

helraizer, posted November 29, 2007

> How could I secure this?

A code I made and therefore use is:

    <?php
    // Print a refusal message if the script path contains a quote,
    // an angle bracket or a slash.
    if (stristr($_SERVER['PHP_SELF'], "'")
        || stristr($_SERVER['PHP_SELF'], '"')
        || stristr($_SERVER['PHP_SELF'], '<')
        || stristr($_SERVER['PHP_SELF'], '>')
        || stristr($_SERVER['PHP_SELF'], '/')) {
        echo "No XSS today, thank you"; // or any other message
    }
    ?>

That stops anyone from adding XSS to the $_GET variables in the URL of the site.

Sam

anujgarg, posted November 30, 2007

helraizer, where should one paste this code, means, in which file and folder...

Anuj

helraizer, posted November 30, 2007

> helraizer, where should one paste this code, means, in which file and folder...
> Anuj

That would go in the page that you have the $_GET variables in.

So if it's index.php?a[] then the code would go in index.php; if it's search.php?q[] then the code would go in search.php.

Sam

eXeCuTeR (Author), posted November 30, 2007

Please close this thread, thanks. I removed the security.

helraizer, posted November 30, 2007

Getting there but there is still one error.

Warning: Illegal offset type in /home/toxic14/domains/toxic.local-host.co.il/public_html/index.php on line 370

That's on http://toxic.local-host.co.il/index.php?act[]

Sam

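The warnings quoted in this thread appear because `?act[]` and `?a[]` make PHP hand the script an array where it expects a string, and because PHP errors are displayed to the visitor. The sketch below is an added example for current PHP (7.1 or later), not code from the site or from any poster; `$routes`, its file names, `reject()` and `get_string_param()` are hypothetical:

```php
<?php
// Added example. $routes, its file names and the two helper functions are
// hypothetical; they are not taken from the site discussed in the thread.

// Keep PHP diagnostics (and the filesystem paths they contain) out of the
// response; write them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

function reject(int $status): void
{
    http_response_code($status);
    exit('Bad request');
}

// Return $query[$name] only if it is a string matching $pattern, else null.
function get_string_param(array $query, string $name, string $pattern): ?string
{
    $value = $query[$name] ?? null;
    if (!is_string($value) || preg_match($pattern, $value) !== 1) {
        return null;
    }
    return $value;
}

// ?a[] or ?act[] arrives as an array. Refuse any non-string parameter before
// it can reach string functions such as preg_match().
foreach ($_GET as $value) {
    if (!is_string($value)) {
        reject(400);
    }
}

// Allow-list of actions (constructed sample values).
$routes = ['index' => 'pages/index.php', 'topic' => 'pages/topic.php'];

$act = 'index';
if (isset($_GET['act'])) {
    $act = get_string_param($_GET, 'act', '/\A[a-z_]{1,32}\z/');
    if ($act === null || !isset($routes[$act])) {
        reject(400);
    }
}

// $act is now a known string key, so this lookup cannot raise
// "Illegal offset type".
$handler = $routes[$act];
```

Setting `display_errors` and `log_errors` in php.ini rather than at runtime also covers errors raised before this code runs.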