newb Posted December 1, 2007

http://www.oxyfactor.com/
agentsteal Posted December 1, 2007

Array: http://www.oxyfactor.com/billing/index.php?action[]
Array: http://www.oxyfactor.com/billing/index.php?fuse[]
Array: http://www.oxyfactor.com/billing/index.php?view[]

Cross Site Scripting: There is Cross Site Scripting on the Account Information page if the Coupon Code field contains ">code.
Cross Site Scripting: There is Cross Site Scripting on the Account Information page if the Password field contains ">code.
Cross Site Scripting: There is Cross Site Scripting on the Terms and Conditions when you register if the fields contain ">code.

Directory Traversal: http://www.oxyfactor.com/index.php?page=about/../hosting

DOS: http://www.oxyfactor.com/modules/forums/index.inc.php/

Drop Down Menu: If you edit the drop down menus on the registration page you can submit arbitrary values.

Full Path Disclosure: http://www.oxyfactor.com/billing/index.php?action=a

An error has occurred with the given operation
Fuse:
Action: a
Type: User Error (256)
Description: Action a does not exist
Script: /home/oxyfacto/public_html/billing/newedge/classes/NE_Controller.php
Line Number: 150
Stack:
/home/oxyfacto/public_html/billing/newedge/classes/NE_Controller.php (150) : trigger_error
/home/oxyfacto/public_html/billing/newedge/front.php (70) : ne_controller::processaction
/home/oxyfacto/public_html/billing/index.php (3) : require

Full Path Disclosure: http://www.oxyfactor.com/billing/index.php?fuse=admin&action=RequestPassword&ajaxRequest=1&emailToSend[]

An error has occurred with the given operation
Fuse: admin
Action: RequestPassword
Type: Warning (2)
Description: htmlspecialchars() expects parameter 1 to be string, array given
Script: /home/oxyfacto/public_html/billing/modules/admin/actions/RequestPassword.php
Line Number: 19
Stack:
/home/oxyfacto/public_html/billing/modules/admin/actions/RequestPassword.php (19) : htmlspecialchars
/home/oxyfacto/public_html/billing/newedge/classes/NE_Controller.php (158) : requestpassword::dispatch
/home/oxyfacto/public_html/billing/newedge/front.php (70) : ne_controller::processaction
/home/oxyfacto/public_html/billing/index.php (3) : require

Full Path Disclosure: http://www.oxyfactor.com/billing/classes/MailGateway.php

Fatal error: Class mailgateway: Cannot inherit from undefined class ne_model in /home/oxyfacto/public_html/billing/classes/MailGateway.php on line 10

Full Path Disclosure: http://www.oxyfactor.com/billing/modules/admin/actions/RequestPassword.php

Warning: main(classes/MailGateway.php) [function.main]: failed to open stream: No such file or directory in /home/oxyfacto/public_html/billing/modules/admin/actions/RequestPassword.php on line 3
Fatal error: main() [function.require]: Failed opening required 'classes/MailGateway.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/oxyfacto/public_html/billing/modules/admin/actions/RequestPassword.php on line 3

Full Path Disclosure: http://www.oxyfactor.com/billing/index.php?view=a

An error has occurred with the given operation
Fuse:
Action:
Type: User Error (256)
Description: View a does not exist
Script: /home/oxyfacto/public_html/billing/newedge/classes/NE_Controller.php
Line Number: 88
Stack:
/home/oxyfacto/public_html/billing/newedge/classes/NE_Controller.php (88) : trigger_error
/home/oxyfacto/public_html/billing/newedge/front.php (72) : ne_controller::processview
/home/oxyfacto/public_html/billing/index.php (3) : require

Includes Directory: http://www.oxyfactor.com/billing/templates/Raleigh/signup/

User Enumeration: http://www.oxyfactor.com/~nobody
User Enumeration: http://www.oxyfactor.com/~oxyfacto
User Enumeration: http://www.oxyfactor.com/~root
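Two of the findings in the post above share one root cause: query parameters arrive as arrays (`?action[]`, `?emailToSend[]`) and reach string functions such as htmlspecialchars(), and the resulting PHP warning is printed to the browser complete with script paths and a stack trace. The following is an added example, not code from the oxyfactor site or from the NewEdge billing framework it runs; the function names scalarParam and installErrorHandling and the log path are assumptions. It rejects non-string parameters before they are used and routes error detail to a log file while the visitor sees only a generic message.

```php
<?php
// Added example, not the site's own code. Defends against the two patterns
// reported above: array-valued query parameters and full-path disclosure via
// displayed PHP errors. Names below are hypothetical.

declare(strict_types=1);

/**
 * Return $query[$name] only if it is a plain string matching $pattern;
 * otherwise return $default. Arrays (from ?name[]) are rejected outright,
 * so downstream string functions never receive an array.
 */
function scalarParam(array $query, string $name, string $pattern, ?string $default = null): ?string
{
    if (!array_key_exists($name, $query)) {
        return $default;
    }
    $value = $query[$name];
    if (!is_string($value) || preg_match($pattern, $value) !== 1) {
        return $default;
    }
    return $value;
}

/**
 * Send PHP errors (including trigger_error() user errors) to a log file
 * and show the user a generic page. File path and line number stay in
 * the log only; nothing about the filesystem layout reaches the browser.
 */
function installErrorHandling(string $logFile): void
{
    ini_set('display_errors', '0');
    ini_set('log_errors', '1');
    ini_set('error_log', $logFile);

    set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
        error_log(sprintf('[%d] %s in %s:%d', $errno, $errstr, $errfile, $errline));
        http_response_code(500);
        echo 'An error has occurred with the given operation.';
        exit;
    });
}

// Usage (hypothetical front controller)
installErrorHandling(__DIR__ . '/app-errors.log');

// Action names: a short identifier only, defaulting to a known action.
$action = scalarParam($_GET, 'action', '/^[A-Za-z0-9_]{1,64}$/', 'Default');

// E-mail address: must be a string with a single "@"; otherwise empty.
$email = scalarParam($_GET, 'emailToSend', '/^[^@\s]+@[^@\s]+\.[^@\s]+$/', '');

// htmlspecialchars() now always receives a string, so ?emailToSend[] can no
// longer trigger the warning (and the path-revealing stack dump) seen above.
echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
```

The two checks are independent: the parameter filter stops the warning from being raised at all, and the error handler makes sure that any warning that is still raised somewhere else in the code base is logged rather than displayed.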
newb Posted December 1, 2007 (Author)

o.o good finds.
newb Posted December 1, 2007 (Author)

ahhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh gg lol.
newb Posted December 1, 2007 (Author)

k fixed the DOS exploit (probably my biggest concern...) i don't know how i would go about fixing the directory traversal thing...lol. anyway i don't think it's much of a big deal as long as they can't include anything outside the site. right? =p
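The traversal finding above (`index.php?page=about/../hosting`) comes from passing a query parameter into an include path. Here is an added example of one way to fix it, not code from the oxyfactor site: a strict whitelist on the page name, plus a realpath() containment check so that whatever the parameter contains, the included file has to live inside the pages directory. The function name resolvePage and the constant PAGES_DIR are assumptions.

```php
<?php
// Added example, not the site's own code. Hardens an include driven by
// index.php?page=... so that "about/../hosting" style values cannot select
// a file outside the intended directory. Names are hypothetical.

declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';

/**
 * Map a user-supplied page name to a file inside PAGES_DIR, or return null.
 * Two independent checks: a character whitelist (no "/" or "." at all), and
 * a canonical-path comparison so the resolved file must lie under PAGES_DIR
 * even if the whitelist is relaxed by a later edit.
 */
function resolvePage(string $page): ?string
{
    // 1. Whitelist: letters, digits, underscore, hyphen; 1-40 characters.
    if (preg_match('/^[A-Za-z0-9_-]{1,40}$/', $page) !== 1) {
        return null;
    }

    // 2. Canonicalise both sides and confirm containment. realpath() resolves
    //    "..", symlinks and returns false if the file does not exist.
    $base = realpath(PAGES_DIR);
    $file = realpath(PAGES_DIR . '/' . $page . '.php');
    if ($base === false || $file === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved to a path outside the pages directory
    }
    return $file;
}

// Usage (hypothetical front controller)
$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'home';
$file = resolvePage($page);
if ($file === null) {
    http_response_code(404);
    echo 'Page not found';
    exit;
}
require $file;
```

If the set of pages is small and fixed, an explicit array of allowed names (`['home', 'about', 'hosting']`) checked with in_array() is simpler still; the realpath() comparison is the check that keeps the include inside the directory regardless of how the name was validated.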
Coreye Posted December 2, 2007

Full Path Disclosure: http://oxyfactor.com/billing/index.php?fuse=admin&view='

An error has occurred with the given operation
Fuse: admin
Action:
Type: User Error (256)
Description: View ' does not exist
Script: /home/oxyfacto/public_html/billing/newedge/classes/NE_Controller.php
Line Number: 88
Stack:
/home/oxyfacto/public_html/billing/newedge/classes/NE_Controller.php (88) : trigger_error
/home/oxyfacto/public_html/billing/newedge/front.php (72) : ne_controller::processview
/home/oxyfacto/public_html/billing/index.php (3) : require

Going to http://oxyfactor.com/billing/newedge/front.php redirects to this page: http://oxyfactor.com/billing/newedge/index.php?fuse=admin&view=Login, but gives this error.

Not Found
The requested URL /billing/newedge/index.php was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
newb Posted December 2, 2007 (Author)

yeah. a lot of full path disclosures. i fail to see how it's much harm though lol. it's only showing the obvious (that i'm in /home/ and my username is oxyfacto and i use public_html like everyone else?) :s. the request password doesn't work anyway, and if it did everything's md5 encrypted anyways so ppl would just be getting md5 hashes.