Jump to content

Recommended Posts

Admin Access:

http://www.commabunny.org/v8/CB_BBS_8.5_20071012.tar.gz contains your password.

 

Admin Access:

You can upload and delete any files on the server on http://www.commabunny.org/public/pub/.

 

Array:

http://www.commabunny.org/blog/pt.php?b[]

 

Array:

http://www.commabunny.org/v8/vt.php?b[]

 

Array:

http://www.commabunny.org/v8/st.php?b[]

 

Full Path Disclosure:

http://www.commabunny.org/vt.php

Warning: include(stuff/config.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/vt.php on line 5

 

Warning: include() [function.include]: Failed opening 'stuff/config.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/vt.php on line 5

 

Warning: include(stuff/funs/bbcode.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/vt.php on line 6

 

Warning: include() [function.include]: Failed opening 'stuff/funs/bbcode.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/vt.php on line 6

 

Warning: include(stuff/funs/vald.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/vt.php on line 7

 

Warning: include() [function.include]: Failed opening 'stuff/funs/vald.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/vt.php on line 7

 

Warning: include(stuff/funs/time.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/vt.php on line 8

 

Warning: include() [function.include]: Failed opening 'stuff/funs/time.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/vt.php on line 8

 

Warning: include(stuff/ban.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/vt.php on line 9

 

Warning: include() [function.include]: Failed opening 'stuff/ban.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/vt.php on line 9

 

Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'host' (1) in /home/content/p/o/o/poopy/html/vt.php on line 10

Unknown MySQL server host 'host' (1)

 

Full Path Disclosure:

http://www.commabunny.org/0.php

Warning: Division by zero in /home/content/p/o/o/poopy/html/0.php on line 4

 

Full Path Disclosure:

http://www.commabunny.org/v8/stuff/l.php

Warning: include(stuff/config.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5

 

Warning: include() [function.include]: Failed opening 'stuff/config.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5

 

Warning: include(stuff/ban.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6

 

Warning: include() [function.include]: Failed opening 'stuff/ban.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6

 

Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'host' (1) in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 7

Unknown MySQL server host 'host' (1)

 

Full Path Disclosure:

http://www.commabunny.org/v8/stuff/l_s.php

Warning: include(stuff/config.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5

 

Warning: include() [function.include]: Failed opening 'stuff/config.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5

 

Warning: include(stuff/ban.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6

 

Warning: include() [function.include]: Failed opening 'stuff/ban.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6

 

Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'host' (1) in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 7

Unknown MySQL server host 'host' (1)

 

Full Path Disclosure:

http://www.commabunny.org/v8/stuff/l_t.php

Warning: include(stuff/config.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5

 

Warning: include() [function.include]: Failed opening 'stuff/config.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5

 

Warning: include(stuff/ban.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6

 

Warning: include() [function.include]: Failed opening 'stuff/ban.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6

 

Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'host' (1) in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 7

Unknown MySQL server host 'host' (1)

 

Full Path Disclosure:

http://www.commabunny.org/blog/l.php

Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'host' (1) in /home/content/p/o/o/poopy/html/blog/l.php on line 5

Unknown MySQL server host 'host' (1)

 

Log:

http://www.commabunny.org/v8/admin/p.php

 

MySQL Error:

http://www.commabunny.org/v8/pt.php

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

MySQL Error:

http://www.commabunny.org/v8/sp.php

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

MySQL Error:

http://www.commabunny.org/v8/v.php

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

SQL Dump:

http://www.commabunny.org/v8/New Text Document.txt

 

SQL Error:

http://www.commabunny.org/v8/vt.php

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

SQL Error:

http://www.commabunny.org/v8/st.php

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

SQL Injection:

http://www.commabunny.org/v8/vt.php?num=186 AND 1=1&b=1

http://www.commabunny.org/v8/vt.php?num=186 AND 1=2&b=1

 

SQL Injection:

http://www.commabunny.org/v8/vt.php?num=186&b=1 AND 1=1

http://www.commabunny.org/v8/vt.php?num=186&b=1 AND 1=2

Link to comment
https://forums.phpfreaks.com/topic/80897-test-my-little-bbs-d/#findComment-410417
Share on other sites

There's a lot of bugs but I'm only going to post this one for now:

 

You can upload/delete any files on the server:

http://www.commabunny.org/public/pub/

 

This is very serious. You can make a php script that reads/edits all of the files on your server.

 

--edit I just make a php script that got the usernames/passwords for the db and admin panel...

 

Well that sucks.  Anything else?

 

EDIT:Also how exactly would you get the usernames and password for the db and admin panel?  I was aware that you can upload some love that'll read the directories, but how exactly can they read and print out the password for the db and admin panel? 

 

EDIT:And other than the /public directory is there anything wrong with the bbs directory (/v8)?  So far I'm only aware of one XSS exploit, but it only effects IE so I havn't bothered fixing it. 

Link to comment
https://forums.phpfreaks.com/topic/80897-test-my-little-bbs-d/#findComment-410422
Share on other sites

Array:

http://commabunny.org/v8/st.php?b[]

Unknown column 'Array' in 'where clause'

 

MySQL Error:

http://commabunny.org/v8/st.php?b='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

 

Array:

http://commabunny.org/v8/vt.php?num=129&b[]

Unknown column 'Array' in 'where clause'

 

MySQL Error:

http://commabunny.org/v8/vt.php?num=129&b='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

 

MySQL Error:

http://commabunny.org/v8/vt.php

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

Array:

]http://commabunny.org/v8/pt.php?b[]

Unknown column 'Array' in 'where clause'
Link to comment
https://forums.phpfreaks.com/topic/80897-test-my-little-bbs-d/#findComment-410459
Share on other sites

And the Array thing just has me confused.  :-[

 

 

Are you using $_GET variables?

 

Yeah.  I'm wondering what the array thing is.  Is it dangerous?  If so how can I get rid of it?

 

It's not really dangerous but is just a flaw.

 

To fix it do this:

 

<?php
if(isset($_GET['b']) && is_array($_GET['b'])) { 
//Code here for what to do if the GET variable is an array. Probably die();
}
?>

 

Sam

Link to comment
https://forums.phpfreaks.com/topic/80897-test-my-little-bbs-d/#findComment-410616
Share on other sites

  • 6 months later...

Password type input with autocomplete enabled

The impact of this vulnerability

Possible sensitive information disclosure

 

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

Files listed in robots.txt but not linked

 

The impact of this vulnerability

Possible sensitive information disclosure

 

How to fix this vulnerability

In robots.txt you should include only files or directories linked on the site.

 

Link to comment
https://forums.phpfreaks.com/topic/80897-test-my-little-bbs-d/#findComment-585814
Share on other sites

http://commabunny.org/

 

In the username / password section I simply put ' (an apostrophi) clicked login (no pass) and:

 

User stuff

Logged in as '

Change Profile

View Posts

Log out

if (ereg("[^A-Za-z0-9]", $_POST['uservar'])){
blah...
}
else
{
blah...
}

Link to comment
https://forums.phpfreaks.com/topic/80897-test-my-little-bbs-d/#findComment-587353
Share on other sites

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.