xsvcash Posted December 2, 2007

I run a pay-to-signup type of site (at http://xsvcash.com/). Recently it seems that someone has been messing around with my files and I don't know what it is! I started reading about XSS (cross-site scripting) but I don't have any idea how to secure my scripts... I don't even know if XSS is the problem. Please help, I need to find and fix these holes fast!
Coreye Posted December 2, 2007

Block this directory: http://xsvcash.com/pages/.

Remove this: http://xsvcash.com/test/ - gives Full Path Disclosures:

    Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/xsvcashc/public_html/test/config.php on line 8
agentsteal Posted December 2, 2007

Array: http://www.xsvcash.com/test/register.php?r[]

Cross Site Scripting: http://www.xsvcash.com/cgi-bin/gpte.cgi?page=User_Signup_Form&E_Mail=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.xsvcash.com/cgi-bin/gpte.cgi?page=User_Signup_Form&Referrer=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.xsvcash.com/cgi-bin/gpte.cgi.old?page=User_Signup_Form&E_Mail=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: http://www.xsvcash.com/cgi-bin/gpte.cgi.old?page=User_Signup_Form&Referrer=<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting on the Account Info page if your user agent contains code.
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain ">code.

Directory Traversal: http://www.xsvcash.com/cgi-bin/gptecntct.cgi?url=../cgi-bin/
Directory Traversal: http://www.xsvcash.com/cgi-bin/gptelogin.cgi?id=aaaaaa&pass=aaaaaa&op=0&ut=0&url=../
Directory Traversal: http://www.xsvcash.com/cgi-bin/gptemsg.cgi?url=../cgi-bin/

Full Path Disclosure: http://www.xsvcash.com/test/contact.php

    Fatal error: Call to undefined function limpiar() in /home/xsvcashc/public_html/test/contact.php on line 78

Full Path Disclosure: http://www.xsvcash.com/test/

    Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'test'@'localhost' (using password: YES) in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_query() [function.mysql-query]: Access denied for user 'xsvcashc'@'localhost' (using password: NO) in /home/xsvcashc/public_html/test/index.php on line 91
    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/xsvcashc/public_html/test/index.php on line 91
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/xsvcashc/public_html/test/index.php on line 92
    Warning: mysql_query() [function.mysql-query]: Access denied for user 'xsvcashc'@'localhost' (using password: NO) in /home/xsvcashc/public_html/test/index.php on line 106
    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/xsvcashc/public_html/test/index.php on line 106
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/xsvcashc/public_html/test/index.php on line 107
    Warning: mysql_query() [function.mysql-query]: Access denied for user 'xsvcashc'@'localhost' (using password: NO) in /home/xsvcashc/public_html/test/index.php on line 115
    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/xsvcashc/public_html/test/index.php on line 115
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/xsvcashc/public_html/test/index.php on line 116
    Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'test'@'localhost' (using password: YES) in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_query() [function.mysql-query]: Access denied for user 'xsvcashc'@'localhost' (using password: NO) in /home/xsvcashc/public_html/test/index.php on line 140
    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/xsvcashc/public_html/test/index.php on line 140
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/xsvcashc/public_html/test/index.php on line 141
    Warning: mysql_query() [function.mysql-query]: Access denied for user 'xsvcashc'@'localhost' (using password: NO) in /home/xsvcashc/public_html/test/index.php on line 151
    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/xsvcashc/public_html/test/index.php on line 151
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/xsvcashc/public_html/test/index.php on line 152

Full Path Disclosure: http://www.xsvcash.com/test/advertise.php

    Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'test'@'localhost' (using password: YES) in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_query() [function.mysql-query]: Access denied for user 'xsvcashc'@'localhost' (using password: NO) in /home/xsvcashc/public_html/test/advertise.php on line 456
    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/xsvcashc/public_html/test/advertise.php on line 456
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/xsvcashc/public_html/test/advertise.php on line 457
    - Setting up and displaying your link for adbux members to visit is fast and simple.
    - We charge $ per
    Warning: mysql_query() [function.mysql-query]: Access denied for user 'xsvcashc'@'localhost' (using password: NO) in /home/xsvcashc/public_html/test/advertise.php on line 468
    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/xsvcashc/public_html/test/advertise.php on line 468
    Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/xsvcashc/public_html/test/advertise.php on line 469

Full Path Disclosure: http://www.xsvcash.com/test/config.php

    Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'test'@'localhost' (using password: YES) in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/xsvcashc/public_html/test/config.php on line 8

Full Path Disclosure: http://www.xsvcash.com/test/login.php

    Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'test'@'localhost' (using password: YES) in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/xsvcashc/public_html/test/config.php: in /home/xsvcashc/public_html/test/login.php on line 10
    Warning: mysql_query() [function.mysql-query]: Access denied for user 'xsvcashc'@'localhost' (using password: NO) in /home/xsvcashc/public_html/test/login.php on line 25
    Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/xsvcashc/public_html/test/login.php on line 25
    Access denied for user 'xsvcashc'@'localhost' (using password: NO)

Full Path Disclosure: http://www.xsvcash.com/test/register.php

    Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'test'@'localhost' (using password: YES) in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/xsvcashc/public_html/test/config.php on line 8

Full Path Disclosure: http://www.xsvcash.com/test/surf.php

    Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'test'@'localhost' (using password: YES) in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/xsvcashc/public_html/test/config.php on line 8
    Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/xsvcashc/public_html/test/surf.php on line 231
    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/xsvcashc/public_html/test/surf.php on line 232

Includes Directory: http://www.xsvcash.com/pages/

Insecure Cookie: You shouldn't put the password in the cookie.
Insecure Cookie: You shouldn't put the username in the cookie.

SQL Injection: http://www.xsvcash.com/cgi-bin/gptemsgbox.cgi?ut=0&msg=1 AND 1=1
               http://www.xsvcash.com/cgi-bin/gptemsgbox.cgi?ut=0&msg=1 AND 1=2
SQL Injection: http://www.xsvcash.com/cgi-bin/gpte.cgi?page=EMail_Verification_Code_Sent'+and+'1'='1
               http://www.xsvcash.com/cgi-bin/gpte.cgi?page=EMail_Verification_Code_Sent'+and+'1'='2
SQL Injection: http://www.xsvcash.com/cgi-bin/gpte.cgi.old?page=EMail_Verification_Code_Sent'+and+'1'='1
               http://www.xsvcash.com/cgi-bin/gpte.cgi.old?page=EMail_Verification_Code_Sent'+and+'1'='2

URL Inclusion: http://www.xsvcash.com/cgi-bin/gptecntct.cgi?url=http://www.google.com/
URL Inclusion: http://www.xsvcash.com/cgi-bin/gptemsg.cgi?url=http://www.google.com/
URL Inclusion: http://www.xsvcash.com/cgi-bin/gptelogin.cgi?id=aaaaaa&pass=aaaaaa&op=0&ut=0&url=http://www.google.com/

User Enumeration: http://www.xsvcash.com/~root
User Enumeration: http://xsvcash.com/~xsvcashc

You can log in as any user by setting the URL to their username and password.
You shouldn't put the password in the URL.
You shouldn't put the username in the URL.
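As an added example (not code from this thread or from the site), here is what the fixes for the finding classes above look like in PHP: errors kept off the page, array-for-string input rejected, the url= parameter restricted to known pages, output escaped, and the visitor identified by a server-side session instead of a username and password in the cookie or URL. The function names and the allowed-page list are assumptions.

```php
<?php
// Added example, not the site's own code. Function names and the
// allowed-page list are assumptions; adapt them to the real scripts.

// Full Path Disclosure: PHP errors go to the log, never to the visitor's page.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// "Array" finding: register.php?r[] turns $_GET['r'] into an array, which the
// string functions then choke on. Accept only scalars for scalar inputs.
function scalar_param(array $src, string $key, string $default = ''): string
{
    if (!isset($src[$key]) || is_array($src[$key])) {
        return $default;
    }
    return (string) $src[$key];
}

// Directory traversal / URL inclusion: url= must name one of the site's own
// pages, so "../" paths and http://... hosts are rejected, not just cleaned.
function safe_local_url(string $url, array $allowed): string
{
    return in_array($url, $allowed, true) ? $url : $allowed[0];
}

// Reflected XSS (E_Mail, Referrer, User-Agent): escape on output, every time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Insecure cookie / credentials in the URL: the logged-in visitor is known by
// a server-side session. session_start() must run before any output, which
// is also what the "headers already sent" warning on login.php is about.
session_start();
$logged_in = isset($_SESSION['user_id']);

$allowed_pages = ['gptemsg.cgi', 'gptecntct.cgi']; // assumed list of real pages
$email = scalar_param($_GET, 'E_Mail');
$agent = scalar_param($_SERVER, 'HTTP_USER_AGENT', 'unknown');
$next  = safe_local_url(scalar_param($_GET, 'url', $allowed_pages[0]), $allowed_pages);

echo '<input name="E_Mail" value="' . h($email) . '">';
echo '<p>Your browser: ' . h($agent) . '</p>';
echo '<a href="' . h($next) . '">' . ($logged_in ? 'continue' : 'log in') . '</a>';
```

With this in place the ../ and http://www.google.com/ values from the findings above fall back to the first allowed page, and a <marquee> tag in E_Mail or the user agent is rendered as text rather than executed.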
xsvcash Posted December 2, 2007 (Author)

Thank you for finding those! But I have been reading more on XSS and I don't see how someone could mess up a website with it??? I know that you can use XSS to get cookies, but people can only get their own cookies, so how would that be a threat? Another thing, you guys were saying "Full Path Disclosure", is that a big security thing? Also, what do "Directory Traversal", "URL Inclusion", "User Enumeration" and "Array" mean? And how could they be a threat? I'm sorry for sounding so stupid, but me and 3 other people coded this, so it never was really organized, but when the site started messing up I instantly thought of security! Thanks for the replies and please continue to help me out, thank you so much.
helraizer Posted December 3, 2007

That image can easily be read by a spam bot. You should add random noise to the image and a font, which will help stall, but not necessarily prevent, spam bots. The spam bot reads your source and finds the image source; it can then analyse the image to get the string from it. A way to do it is like this, for example: have the URL of the image be http://forum.dragonforce.com/profile.php?mode=confirm&id=289f85efb9cd2212e321ae23e2ec14b8. If you try to view the image with the &id=... it will not work, but with the &id=... it will. The spam bots tend to copy what's in the source and do not change it, therefore they cannot view the image.

Sam