Test my forum


roadshow

You can submit HTML into the fields when creating topics.

 

Cross Site Scripting:

http://www.toxicana.com/forum/register.php/"><marquee><h1>vulnerable

 

Cross Site Scripting:

http://www.toxicana.com/forum/login.php/"><marquee><h1>vulnerable

 

There's cross site scripting if you submit code into the comment field when creating topics.

http://www.toxicana.com/forum/main_forum.php

 

There's cross site scripting if you submit code into the name field when creating topics.

http://www.toxicana.com/forum/main_forum.php

 

There's cross site scripting if you submit code when you register.

http://www.toxicana.com/forum/members.php

 

You can edit the maxlength value when creating topics for the name field.

 

You can press the back button and use the same captcha when creating topics. It's easy to flood that way.

 

You can submit blank usernames.

 

You can submit blank comments.

Link to comment
Share on other sites

Full Path Disclosure:

http://www.toxicana.com/forum/main_forum.php?page='

http://www.toxicana.com/forum/main_forum.php?page=a

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/toxicana/public_html/forum/main_forum.php on line 58

 

Full Path Disclosure:

http://www.toxicana.com/forum/members.php?page='

http://www.toxicana.com/forum/members.php?page=a

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/toxicana/public_html/forum/members.php on line 63

 

Full Path Disclosure:

http://www.toxicana.com/forum/view_topic.php?id=14&page='

http://www.toxicana.com/forum/view_topic.php?id=14&page=a

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/toxicana/public_html/forum/view_topic.php on line 57

 

 

When you log in with a username that does not exist, you get this error message: "That user does not exist in our database. Click Here to Register", but when you click "Click Here" it goes to this page: http://www.toxicana.com/forum/add.php, which doesn't exist.

Link to comment
Share on other sites

Cross Site Scripting:

http://www.toxicana.com/forum/edit_topic.php?id="><marquee><h1>vulnerable

 

Array:

http://www.toxicana.com/forum/view_profile.php?id[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxicana/public_html/forum/view_profile.php on line 9

 

Array:

http://www.toxicana.com/forum/edit_topic.php?id[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxicana/public_html/forum/edit_topic.php on line 8

 

Array:

http://www.toxicana.com/forum/del_topic.php?id[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxicana/public_html/forum/del_topic.php on line 8
Link to comment
Share on other sites

Array:

http://www.toxicana.com/forum/members.php?page[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxicana/public_html/forum/members.php on line 17

 

Array:

http://www.toxicana.com/forum/main_forum.php?page[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxicana/public_html/forum/main_forum.php on line 13

 

Array:

http://www.toxicana.com/forum/view_topic.php?id=11&page[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxicana/public_html/forum/view_topic.php on line 45

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/toxicana/public_html/forum/view_topic.php on line 57

Link to comment
Share on other sites

Cross Site Scripting:

http://www.toxicana.com/forum/register.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting if the ID_my_site cookie contains code.

 

Cross Site Scripting:

There is Cross Site Scripting in the forum if a post contains code.

 

Cross Site Scripting:

There is Cross Site Scripting if your username contains code.

 

Cross Site Scripting:

http://www.toxicana.com/forum/login.php/"><marquee><h1>vulnerable</marquee>

 

Full Path Disclosure:

http://www.toxicana.com/forum/view_topic.php?id[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxicana/public_html/forum/view_topic.php on line 9

 

Full Path Disclosure:

http://www.toxicana.com/forum/view_topic.php?page[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxicana/public_html/forum/view_topic.php on line 45

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/toxicana/public_html/forum/view_topic.php on line 57

 

Full Path Disclosure:

http://www.toxicana.com/forum/members.php?page=a

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/toxicana/public_html/forum/members.php on line 63

 

Full Path Disclosure:

http://www.toxicana.com/forum/edit_topic.php?id

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxicana/public_html/forum/edit_topic.php on line 8

 

Full Path Disclosure:

http://www.toxicana.com/forum/main_forum.php?page=a

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/toxicana/public_html/forum/main_forum.php on line 58

 

Full Path Disclosure:

http://www.toxicana.com/forum/del_topic.php?id[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /home/toxicana/public_html/forum/del_topic.php on line 8

 

Insecure cookie:

You shouldn't put the username in the cookie.

 

User Enumeration:

http://www.toxicana.com/~toxicana

 

User Enumeration:

http://www.toxicana.com/~root

 

You can log in as any member by changing the username cookie to their username.

 

You can log in as Array if the ID_my_site cookie is an array.

Link to comment
Share on other sites
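
One way to address the cookie findings in the post above, shown as an added example (not the forum's code and not written by any poster): the cookie holds only an unguessable token, and the username is looked up server-side, so typing a member's name or sending an array in the cookie resolves to no user. The function names, the in-memory `$sessions` store and the sample values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Stand-in for server-side session storage (assumption: a real site would use
// PHP's session handler or a database table instead of a plain array).
$sessions = [];

/** Hypothetical: issue an unguessable token after a successful password check. */
function issue_token(array &$sessions, string $username): string
{
    $token = bin2hex(random_bytes(32));   // 64 hex characters from the CSPRNG
    $sessions[$token] = $username;        // identity stays on the server
    return $token;
}

/** Hypothetical: map a cookie value back to a user, or null if not logged in. */
function resolve_user(array $sessions, $cookieValue): ?string
{
    // An array-valued cookie or anything that is not a well-formed token
    // is treated as "no session" rather than passed on to other code.
    if (!is_string($cookieValue)
        || !preg_match('/\A[0-9a-f]{64}\z/', $cookieValue)) {
        return null;
    }
    return $sessions[$cookieValue] ?? null;
}

// Constructed walk-through of the three cookie values discussed in the thread.
$token = issue_token($sessions, 'alice');
var_dump(resolve_user($sessions, $token));    // value issued at login
var_dump(resolve_user($sessions, 'alice'));   // a username typed into the cookie
var_dump(resolve_user($sessions, ['x']));     // cookie sent as an array

// When sending the token, mark the cookie HttpOnly and Secure, for example:
// setcookie('ID_my_site', $token,
//     ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
```
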

XSS - woops..

 

http://www.toxicana.com/forum/main_forum.php  *whistles to self...* I didn't do it.

 

Also you have a problem with really long usernames.. on the register page, maxlength=60 whereas on login.php maxlength=40.

 

 

(You might want to delete my user account on your forum now.. else no one can view that page.. or any other page come to that :P) - sorry 'bout that, I didn't realise that'd be quite as bad as it was. Just shows you, though.

 

Sam

Link to comment
Share on other sites

  • 1 month later...

The best way to fix disclosures I have found is this little snippet of code. Only use this after you have fully tested the script, or else you will not be able to debug your scripts. Just put this little gem right after your opening PHP tag.

 

error_reporting(0);

 

Then to stop XSS you should try something like this:

 

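function stopXss($var){
    // Non-string input (e.g. name[]=x) has no safe HTML form; return empty.
    if (!is_string($var)) {
        return '';
    }
    // Encode <, >, & and both quote styles so the value cannot break out of
    // HTML text or a quoted attribute. addslashes() is not used: it is
    // SQL-style escaping, not HTML encoding, and leaves backslashes in the page.
    return htmlentities($var, ENT_QUOTES, 'UTF-8');
}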

 

Then call the function like this

 

$name = stopXss($_POST["name"]);

$password = stopXss($_POST["password"]);

 

I think you can get the picture.

 

Link to comment
Share on other sites
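
A fuller version of the fix described in the post above, as an added example (not code from the forum or from any poster): it validates the `page`/`id` style parameters whose array and non-numeric values produced the warnings listed in this thread, encodes text at output time, and logs errors instead of discarding them. The helper names `int_param` and `e` are hypothetical and the sample request arrays are constructed.

```php
<?php
declare(strict_types=1);

// Keep warnings out of the response (no path disclosure) but still record
// them in the server log so the script remains debuggable.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Hypothetical helper: read an integer request parameter.
 * Arrays (?page[]) and non-numeric strings (?page=a, ?page=') fall back to
 * $default instead of reaching the escaping or query functions.
 */
function int_param(array $src, string $key, int $default, int $min = 1): int
{
    if (!isset($src[$key]) || is_array($src[$key])) {
        return $default;
    }
    $value = filter_var($src[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min]]);
    return $value === false ? $default : $value;
}

/** Hypothetical helper: encode untrusted text for HTML body or attribute use. */
function e($text): string
{
    if (!is_string($text)) {
        return '';   // array-valued field or cookie: nothing to render
    }
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs mirroring the requests reported in this thread.
$requests = [
    ['page' => '2'],   // valid page number
    ['page' => 'a'],   // non-numeric
    ['page' => "'"],   // stray quote
    ['page' => []],    // ?page[]
];
foreach ($requests as $get) {
    // Invalid values fall back to the default page.
    echo int_param($get, 'page', 1), "\n";
}

// The markup from the reported URLs is rendered as inert text.
echo e('"><marquee><h1>vulnerable'), "\n";
```
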
