Henaro
Posted December 9, 2007

It's delicious and small, so be gentle. http://commabunny.org/v8

agentsteal
Posted December 9, 2007

Admin Access: http://www.commabunny.org/v8/CB_BBS_8.5_20071012.tar.gz contains your password.

Admin Access: You can upload and delete any files on the server on http://www.commabunny.org/public/pub/.

Array: http://www.commabunny.org/blog/pt.php?b[]

Array: http://www.commabunny.org/v8/vt.php?b[]

Array: http://www.commabunny.org/v8/st.php?b[]

Full Path Disclosure: http://www.commabunny.org/vt.php

    Warning: include(stuff/config.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/vt.php on line 5
    Warning: include() [function.include]: Failed opening 'stuff/config.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/vt.php on line 5
    Warning: include(stuff/funs/bbcode.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/vt.php on line 6
    Warning: include() [function.include]: Failed opening 'stuff/funs/bbcode.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/vt.php on line 6
    Warning: include(stuff/funs/vald.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/vt.php on line 7
    Warning: include() [function.include]: Failed opening 'stuff/funs/vald.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/vt.php on line 7
    Warning: include(stuff/funs/time.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/vt.php on line 8
    Warning: include() [function.include]: Failed opening 'stuff/funs/time.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/vt.php on line 8
    Warning: include(stuff/ban.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/vt.php on line 9
    Warning: include() [function.include]: Failed opening 'stuff/ban.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/vt.php on line 9
    Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'host' (1) in /home/content/p/o/o/poopy/html/vt.php on line 10
    Unknown MySQL server host 'host' (1)

Full Path Disclosure: http://www.commabunny.org/0.php

    Warning: Division by zero in /home/content/p/o/o/poopy/html/0.php on line 4

Full Path Disclosure: http://www.commabunny.org/v8/stuff/l.php

    Warning: include(stuff/config.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5
    Warning: include() [function.include]: Failed opening 'stuff/config.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5
    Warning: include(stuff/ban.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6
    Warning: include() [function.include]: Failed opening 'stuff/ban.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6
    Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'host' (1) in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 7
    Unknown MySQL server host 'host' (1)

Full Path Disclosure: http://www.commabunny.org/v8/stuff/l_s.php

    Warning: include(stuff/config.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5
    Warning: include() [function.include]: Failed opening 'stuff/config.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5
    Warning: include(stuff/ban.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6
    Warning: include() [function.include]: Failed opening 'stuff/ban.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6
    Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'host' (1) in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 7
    Unknown MySQL server host 'host' (1)

Full Path Disclosure: http://www.commabunny.org/v8/stuff/l_t.php

    Warning: include(stuff/config.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5
    Warning: include() [function.include]: Failed opening 'stuff/config.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 5
    Warning: include(stuff/ban.php) [function.include]: failed to open stream: No such file or directory in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6
    Warning: include() [function.include]: Failed opening 'stuff/ban.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 6
    Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'host' (1) in /home/content/p/o/o/poopy/html/v8/stuff/l.php on line 7
    Unknown MySQL server host 'host' (1)

Full Path Disclosure: http://www.commabunny.org/blog/l.php

    Warning: mysql_connect() [function.mysql-connect]: Unknown MySQL server host 'host' (1) in /home/content/p/o/o/poopy/html/blog/l.php on line 5
    Unknown MySQL server host 'host' (1)

Log: http://www.commabunny.org/v8/admin/p.php

MySQL Error: http://www.commabunny.org/v8/pt.php

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

MySQL Error: http://www.commabunny.org/v8/sp.php

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

MySQL Error: http://www.commabunny.org/v8/v.php

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

SQL Dump: http://www.commabunny.org/v8/New Text Document.txt

SQL Error: http://www.commabunny.org/v8/vt.php

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

SQL Error: http://www.commabunny.org/v8/st.php

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

SQL Injection:

    http://www.commabunny.org/v8/vt.php?num=186 AND 1=1&b=1
    http://www.commabunny.org/v8/vt.php?num=186 AND 1=2&b=1

SQL Injection:

    http://www.commabunny.org/v8/vt.php?num=186&b=1 AND 1=1
    http://www.commabunny.org/v8/vt.php?num=186&b=1 AND 1=2

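A check a site owner can run over their own rendered pages to catch the path leaks listed in the post above, together with the settings that keep PHP diagnostics out of responses. This is an added example, not code from the thread; `find_path_leaks()` is a hypothetical helper and the sample body is constructed from two of the quoted warnings.

```php
<?php
// Added example, not from the thread. Constructed sample response body,
// modelled on two of the warnings quoted in the post above.
$sampleBody = <<<'HTML'
<html><body>
<b>Warning</b>: include(stuff/config.php) [function.include]: failed to open stream: No such file or directory in <b>/home/content/p/o/o/poopy/html/vt.php</b> on line <b>5</b>
Warning: Division by zero in /home/content/p/o/o/poopy/html/0.php on line 4
<p>normal page text</p>
</body></html>
HTML;

/**
 * Hypothetical helper: return every absolute script path that a PHP
 * diagnostic leaked into $body, as path => [line numbers].
 * Matches the "<Level>: <message> in <path> on line <n>" shape PHP prints.
 */
function find_path_leaks(string $body): array
{
    $pattern = '~\b(?:Warning|Notice|Fatal error|Parse error|Deprecated):\s.*?\sin\s(/[^\s<]+)\son\sline\s(\d+)~';
    // strip_tags() removes the <b> markup PHP adds when html_errors is on.
    preg_match_all($pattern, strip_tags($body), $matches, PREG_SET_ORDER);
    $leaks = [];
    foreach ($matches as $hit) {
        $leaks[$hit[1]][] = (int) $hit[2];
    }
    return $leaks;
}

// The fix itself is configuration: diagnostics go to the log, not the visitor.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

foreach (find_path_leaks($sampleBody) as $path => $lines) {
    printf("leaked: %s (line %s)\n", $path, implode(', ', $lines));
}
```
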
Henaro (Author)
Posted December 9, 2007

> There's a lot of bugs but I'm only going to post this one for now:
> You can upload/delete any files on the server: http://www.commabunny.org/public/pub/
> This is very serious. You can make a php script that reads/edits all of the files on your server.
> --edit
> I just made a php script that got the usernames/passwords for the db and admin panel...

Well that sucks. Anything else?

EDIT: Also how exactly would you get the usernames and password for the db and admin panel? I was aware that you can upload some love that'll read the directories, but how exactly can they read and print out the password for the db and admin panel?

EDIT: And other than the /public directory is there anything wrong with the bbs directory (/v8)? So far I'm only aware of one XSS exploit, but it only affects IE so I haven't bothered fixing it.

Coreye
Posted December 9, 2007

Array: http://commabunny.org/v8/st.php?b[]

    Unknown column 'Array' in 'where clause'

MySQL Error: http://commabunny.org/v8/st.php?b='

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

Array: http://commabunny.org/v8/vt.php?num=129&b[]

    Unknown column 'Array' in 'where clause'

MySQL Error: http://commabunny.org/v8/vt.php?num=129&b='

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

MySQL Error: http://commabunny.org/v8/vt.php

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Array: http://commabunny.org/v8/pt.php?b[]

    Unknown column 'Array' in 'where clause'

Henaro (Author)
Posted December 9, 2007

Thanks a lot guys, keep 'em coming. This is great.

Henaro (Author)
Posted December 9, 2007

> SQL Injection:
> http://www.commabunny.org/v8/vt.php?num=186 AND 1=1&b=1
> http://www.commabunny.org/v8/vt.php?num=186 AND 1=2&b=1
> SQL Injection:
> http://www.commabunny.org/v8/vt.php?num=186&b=1 AND 1=1
> http://www.commabunny.org/v8/vt.php?num=186&b=1 AND 1=2

> Array: http://www.commabunny.org/blog/pt.php?b[]
> Array: http://www.commabunny.org/v8/vt.php?b[]
> http://www.commabunny.org/v8/st.php?b[]

How would I get rid of these? I have the function mysql_real_escape_string() on those variables. ???

And the Array thing just has me confused.

helraizer
Posted December 9, 2007

> And the Array thing just has me confused.

Are you using $_GET variables?

Henaro (Author)
Posted December 10, 2007

>> And the Array thing just has me confused.
> Are you using $_GET variables?

Yeah. I'm wondering what the array thing is. Is it dangerous? If so how can I get rid of it?

helraizer
Posted December 10, 2007

>>> And the Array thing just has me confused.
>> Are you using $_GET variables?
> Yeah. I'm wondering what the array thing is. Is it dangerous? If so how can I get rid of it?

It's not really dangerous but is just a flaw. To fix it do this:

    <?php
    if (isset($_GET['b']) && is_array($_GET['b'])) {
        // Code here for what to do if the GET variable is an array. Probably die();
    }
    ?>

Sam

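An added example (not code from the thread or from the board's source) covering both open questions above: the `Unknown column 'Array'` error shows the value reaches the WHERE clause outside any quotes, where `186 AND 1=2` contains nothing for an escaping function to escape, so the fix is to accept only integers and bind them as parameters. The `threads` table, its columns, the helper names and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example; table, column and function names are hypothetical.

/**
 * Read a positive integer request parameter.
 * Returns null for missing values, arrays (?b[]) and anything that is not
 * purely an integer, such as "186 AND 1=2".
 */
function int_param(array $query, string $name): ?int
{
    $raw = $query[$name] ?? null;
    if (!is_string($raw)) {           // ?b[] arrives as an array, not a string
        return null;
    }
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}

function fetch_thread(PDO $db, array $query): ?array
{
    $num = int_param($query, 'num');
    $b   = int_param($query, 'b');
    if ($num === null || $b === null) {
        return null;                  // reject the request; no SQL is run
    }
    // Placeholders keep the values out of the SQL text entirely.
    $st = $db->prepare('SELECT title FROM threads WHERE num = :num AND board = :b');
    $st->execute([':num' => $num, ':b' => $b]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed data in an in-memory SQLite database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE threads (num INTEGER, board INTEGER, title TEXT)');
$db->exec("INSERT INTO threads VALUES (186, 1, 'hello')");

$requests = [
    ['num' => '186', 'b' => '1'],             // normal request
    ['num' => '186 AND 1=2', 'b' => '1'],     // boolean test quoted in the thread
    ['num' => '186', 'b' => ['']],            // what ?b[] produces in $_GET
];
foreach ($requests as $q) {
    var_dump(fetch_thread($db, $q));
}
```
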
Henaro (Author)
Posted December 10, 2007

Ah I see, thanks a lot.

darkfreaks
Posted July 9, 2008

Password type input with autocomplete enabled

The impact of this vulnerability
Possible sensitive information disclosure

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:

    <INPUT TYPE="password" AUTOCOMPLETE="off">

Files listed in robots.txt but not linked

The impact of this vulnerability
Possible sensitive information disclosure

How to fix this vulnerability
In robots.txt you should include only files or directories linked on the site.

Andy-H
Posted July 11, 2008

http://commabunny.org/

In the username / password section I simply put ' (an apostrophe) clicked login (no pass) and:

    User stuff
    Logged in as '
    Change Profile
    View Posts
    Log out

    // ereg() was removed in PHP 7; preg_match() performs the same test.
    // True when the value contains any character other than A-Z, a-z or 0-9.
    if (preg_match('/[^A-Za-z0-9]/', $_POST['uservar'])) {
        // blah...
    } else {
        // blah...
    }

olie122333
Posted July 11, 2008

The first link doesn't work... ^^