Everywhere I went to find how I could check to see if a user is online by using sessions, or even counting the users online using sessions, I was told that it was not possible and that I had to use a database or it would not work. Well, it seems as if everyone I went to was wrong. I have developed a script which will do just that. I had a lot of bugs along the way, but that is to be expected of any script, is it not? Anyways, I just wanted to see if you guys could poke around in it for a bit and tell me if it could be maliciously hacked and how I might guard against it. I would also like to know of any ways this particular way of doing it may not work as well as it is supposed to.

 

download: http://www2.iqlogin.net/download/index.php

 

It is currently the only download available at that link but there is more to come. If you have any questions or comments about it please send them to iql-online@iqlogin.net.

 

Thanks for all of the help,

Quinn (a.k.a mr. mind)


Admin Access:

The PHP Source Code Disclosure reveals your password.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www2.iqlogin.net/mr_layoutguy/intro.php if the fields contain ">code.

 

Full Path Disclosure:

http://www2.iqlogin.net/admin/

Fatal error: Call to undefined function member_menu() in /var/www/localhost/htdocs/admin/index.php on line 18

 

Full Path Disclosure:

http://www2.iqlogin.net/design/submit.php

Fatal error: Call to undefined function member_menu() in /var/www/localhost/htdocs/design/submit.php on line 18

 

Full Path Disclosure:

http://www2.iqlogin.net/dsl/page-views.php

Fatal error: Call to undefined function member_menu() in /var/www/localhost/htdocs/dsl/page-views.php on line 18

 

Full Path Disclosure:

http://www2.iqlogin.net/download/iql-online-1.1/module.php

Warning: require_once(/var/www/localhost/htdocs/iql-online-1.1/config.php) [function.require-once]: failed to open stream: No such file or directory in /var/www/localhost/htdocs/download/iql-online-1.1/module.php on line 2

 

Fatal error: require_once() [function.require]: Failed opening required '/var/www/localhost/htdocs/iql-online-1.1/config.php' (include_path='.:/usr/share/php5:/usr/share/php') in /var/www/localhost/htdocs/download/iql-online-1.1/module.php on line 2

 

Full Path Disclosure:

http://www2.iqlogin.net/inc/modules/member_menu.php

Fatal error: Call to undefined function verify_user() in /var/www/localhost/htdocs/inc/modules/member_menu.php on line 4

 

Full Path Disclosure:

http://www2.iqlogin.net/inc/modules/other_menu.php

Fatal error: Call to undefined function verify_user() in /var/www/localhost/htdocs/inc/modules/other_menu.php on line 10

 

Full Path Disclosure:

http://www2.iqlogin.net/user/activate.php

Parse error: syntax error, unexpected T_ELSE in /var/www/localhost/htdocs/user/activate.php on line 71

 

Full Path Disclosure:

http://www2.iqlogin.net/inc/modules/users_active.php

Fatal error: Call to undefined function user_online() in /var/www/localhost/htdocs/inc/modules/users_active.php on line 29

 

Includes Directory:

http://www2.iqlogin.net/inc/

 

Includes Directory:

http://www2.iqlogin.net/site/

 

PHP Source Code Disclosure

There is PHP Source Code Disclosure on multiple pages if you add ~ at the end of the URL.

 

SQL Dump:

http://www2.iqlogin.net/tables.sql
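A local check a site owner could run against their own document root for the classes of finding listed in the reply above: editor backup files served as source, SQL dumps, include files reachable by URL, and PHP errors shown to visitors. This is an added example, not part of the thread or of the iql-online script; the suffix lists, the include directory names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed lists: suffixes served as plain text rather than executed, and include-only directory names.
BACKUP_SUFFIXES = ("~", ".bak", ".swp", ".orig")
DUMP_SUFFIXES = (".sql", ".sql.gz")
INCLUDE_DIRS = {"inc", "includes", "modules"}

def audit_docroot(docroot):
    """Return sorted (finding, relative_path) pairs for files that should not be web-reachable."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot)
        parts = set(rel_dir.split(os.sep))
        for name in files:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            lower = name.lower()
            if lower.endswith(BACKUP_SUFFIXES):
                findings.append(("source-disclosure", rel))
            elif lower.endswith(DUMP_SUFFIXES):
                findings.append(("sql-dump", rel))
            elif lower.endswith(".php") and parts & INCLUDE_DIRS:
                findings.append(("include-in-docroot", rel))
    return sorted(findings)

def display_errors_enabled(ini_text):
    """True if php.ini text leaves display_errors on (the source of full path disclosure)."""
    value = "1"  # PHP's built-in default when the directive is absent
    for line in ini_text.splitlines():
        m = re.match(r"\s*display_errors\s*=\s*([^;\s]+)", line, re.I)
        if m:  # the last uncommented assignment wins
            value = m.group(1).strip('"').lower()
    return value in ("1", "on", "true", "yes", "stdout", "stderr")

def build_sample(root):
    """Constructed sample tree mirroring the kinds of files named in the post."""
    for rel in ("index.php", "index.php~", "tables.sql", "inc/modules/member_menu.php"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        for kind, rel in audit_docroot(root):
            print(f"{kind:20} {rel}")
    print("display_errors on:", display_errors_enabled("display_errors = On\n"))
```

Files flagged as `include-in-docroot` are candidates for moving outside the document root; backup files and dumps should simply be deleted from it.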
