phpSensei Posted December 14, 2007

http://flash-portal.org/fp-quick/

Check for security issues.

NOTE: I know that when you upload txt files, it won't download them. Please use FLA, SWF, and image files just for now. NO PNG

agentsteal Posted December 15, 2007

Admin Access: You can upload PHP scripts.

Cross Site Scripting: http://www.flash-portal.org/fp-quick/upload/index.php

Full Path Disclosure: http://www.flash-portal.org/fp-quick/upload/c.php

Full Path Disclosure:
Parse error: syntax error, unexpected T_ELSEIF in /mounted-storage/home45c/sub002/sc33159-IXOG/flash-portal.org/fp-quick/index.php on line 196

Full Path Disclosure: http://www.flash-portal.org/fp-quick/?page=watch&subID=24
Warning: getimagesize() [function.getimagesize]: Unable to access upload/Spac2007Start.swf in /mounted-storage/home45c/sub002/sc33159-IXOG/flash-portal.org/fp-quick/index.php on line 143
Warning: getimagesize(upload/Spac2007Start.swf) [function.getimagesize]: failed to open stream: No such file or directory in /mounted-storage/home45c/sub002/sc33159-IXOG/flash-portal.org/fp-quick/index.php on line 143

You can access other users' files by changing the subID in http://www.flash-portal.org/fp-quick/?page=watch&subID=21

phpSensei Posted December 15, 2007

I am trying to fix the PHP upload types, and the ELSE_IF was an error I made. Now fixed.

Fixed upload type.

phpSensei Posted December 15, 2007

For some reason, I added "application/octet-stream" as an allowed extension.
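
An added example, not part of the thread and not the site's code: one way to accept only the file kinds named in the first post without trusting the client-supplied MIME type, which is how a generic type such as "application/octet-stream" lets PHP scripts through. The form field name, the target directory, the function names and the FLA signature (the OLE container used by older Flash authoring tools) are assumptions.

```php
<?php
// Added example: names and layout are assumptions, not the site's code.

// Extension => leading bytes ("magic") accepted for that extension.
const ALLOWED_SIGNATURES = [
    'swf' => ["FWS", "CWS", "ZWS"],
    'gif' => ["GIF87a", "GIF89a"],
    'jpg' => ["\xFF\xD8\xFF"],
    'fla' => ["\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"], // assumed: OLE container
];

// Returns the canonical extension, or null if the upload is rejected.
// $file['type'] is sent by the browser and is deliberately never read.
function validate_upload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) return null;
    if (!is_uploaded_file($file['tmp_name'])) return null;

    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext === 'jpeg') $ext = 'jpg';
    if (!isset(ALLOWED_SIGNATURES[$ext])) return null;   // .php, .png, ...

    // The first bytes must match a signature for the claimed extension.
    $head = file_get_contents($file['tmp_name'], false, null, 0, 8);
    if ($head === false) return null;
    foreach (ALLOWED_SIGNATURES[$ext] as $magic) {
        if (strncmp($head, $magic, strlen($magic)) === 0) return $ext;
    }
    return null;
}

// Stores the file under a server-chosen random name with the validated
// extension, so no part of the client's file name reaches the disk.
function store_upload(array $file, string $dir): ?string
{
    $ext = validate_upload($file);
    if ($ext === null) return null;
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], "$dir/$name") ? $name : null;
}

// Hypothetical form field "upload" and target directory.
if (isset($_FILES['upload'])) {
    $stored = store_upload($_FILES['upload'], __DIR__ . '/upload');
    echo $stored === null ? 'Rejected' : 'Stored';
}
```

A matching signature does not prove the rest of the file is harmless; it is the server-chosen name and extension that keep an uploaded file from being served as a PHP script.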

phpSensei Posted December 15, 2007

You can find other members' files by changing the subID in http://www.flash-portal.org/fp-quick/?page=watch&subID=21

Full Path Disclosure: http://www.flash-portal.org/fp-quick/?page=watch&subID=24
Warning: getimagesize() [function.getimagesize]: Unable to access upload/Spac2007Start.swf in /mounted-storage/home45c/sub002/sc33159-IXOG/flash-portal.org/fp-quick/index.php on line 143
Warning: getimagesize(upload/Spac2007Start.swf) [function.getimagesize]: failed to open stream: No such file or directory in /mounted-storage/home45c/sub002/sc33159-IXOG/flash-portal.org/fp-quick/index.php on line 143

Going to filter the ID, and that error comes up because I emptied the upload/ DIR, meaning the files won't be found by the script.

phpSensei Posted December 15, 2007

Fixed 3 bugs
- Renaming files if already exists, I didn't add the extensions back
- GetImageSize was all wrong
- http://www.flash-portal.org/fp-quick/?page=watch&subID=c_close_897l

Files are now safe.

Coreye Posted December 15, 2007

Array - Full Path Disclosure: http://www.flash-portal.org/fp-quick/?page=watch&subID[]
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in /mounted-storage/home45c/sub002/sc33159-IXOG/flash-portal.org/fp-quick/index.php on line 123

phpSensei Posted December 15, 2007

Fixed http://www.flash-portal.org/fp-quick/?page=watch&subID[]
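
An added example, not part of the thread and not the site's code: handling the subID parameter so that an array value (?subID[]=) is rejected before it reaches a string function, warnings go to the log instead of the page, and a row is returned only if the viewer may see it. The table, columns, ID format, visibility rule and sample rows are all constructed for illustration.

```php
<?php
// Added example: table, column and function names are hypothetical.
ini_set('display_errors', '0');   // no warnings (and paths) in the response
ini_set('log_errors', '1');       // keep them in the server log instead

// Returns the ID as a validated string, or null if it is unusable.
function read_sub_id(array $query): ?string
{
    $raw = $query['subID'] ?? null;
    // ?subID[]= arrives as an array; reject anything that is not a string.
    if (!is_string($raw)) return null;
    // Assumed ID format: short token of letters, digits and underscores.
    return preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $raw) ? $raw : null;
}

// Looks the submission up with bound parameters; the row must be public
// or owned by the viewer, so guessing another ID is not enough.
function find_submission(PDO $db, ?string $subId, int $viewerId): ?array
{
    if ($subId === null) return null;
    $stmt = $db->prepare(
        'SELECT sub_id, file_name FROM submissions
          WHERE sub_id = :id AND (is_public = 1 OR owner_id = :viewer)'
    );
    $stmt->execute([':id' => $subId, ':viewer' => $viewerId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE submissions
           (sub_id TEXT PRIMARY KEY, owner_id INT, file_name TEXT, is_public INT)');
$db->exec("INSERT INTO submissions VALUES
           ('21', 1, 'a.swf', 0), ('24', 2, 'b.swf', 1)");

$cases = [
    ['subID' => '24'],    // public row
    ['subID' => '21'],    // private row owned by user 1
    ['subID' => ['x']],   // what ?subID[]= produces
    [],                   // parameter missing
];
foreach ($cases as $q) {
    $row = find_submission($db, read_sub_id($q), 2);   // viewer is user 2
    echo json_encode($q), ' => ', $row ? $row['file_name'] : 'not found', PHP_EOL;
}
```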

[-_-] Posted December 15, 2007

Looks pretty good. You should do the same thing imageshack and tinypic do. Position your ads near the default spot of the open button so people accidentally click on your ad, getting you more money from your advertisers.

phpSensei Posted December 15, 2007

I do it for the pastime, I don't really care about this.

phpSensei Posted December 16, 2007

Are there no more bugs?

phpSensei Posted December 16, 2007

There are still some of the php files I uploaded. http://www.flash-portal.org/fp-quick/upload/c.php

Oops, forgot to delete them