[SOLVED] my site??? secure???? doubt it


Array:

http://www.vghunter.net/comment.php?gn[]

 

Array:

http://www.vghunter.net/game.php?gn[]

 

Cross Site Scripting:

http://www.vghunter.net/game.php?gn='><marquee>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting if the Expect header contains code.

 

Directory Traversal:

You can make txt files in any directory by posting comments with the gn field set to ../filename.

 

Directory Traversal:

http://www.vghunter.net/game.php?gn=../../agentsteal

 

You can make txt files in http://www.vghunter.net/games/ by posting comments with the gn field set to the filename.


Cross Site Scripting:

http://www.vghunter.net/game.php?gn='><marquee>vulnerable</marquee>

 

Array:

http://www.vghunter.net/game.php?gn[]

 

Array:

http://www.vghunter.net/comment.php?gn[]

 

There is Cross Site Scripting through the Expect header.

 

You can make txt files in http://www.vghunter.net/games/ by posting comments. The txt's filename can be set through the gn parameter.

POC:

http://www.vghunter.net/games/agentsteal.txt

 

Directory Traversal:

You can make txt files in any directory by posting comments with ../filename as the gn parameter.

POC:

http://www.vghunter.net/agentsteal.txt

 

Directory Traversal:

http://www.vghunter.net/game.php?gn=../../agentsteal

 

 

Oh I get it, you're right, I need to change the gn parameter to stay server side so you can't change it. Thanks, I can't believe I'm so retarded I didn't think of that.

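One way to validate the gn parameter before it reaches a file path or the page output, as an added example that is not part of the original thread or the site's own code. The function names, the games/ base directory and the allowed filename pattern are assumptions.

```php
<?php
// Added example, not the site's code. Names and the games/ layout are assumptions.

// Return a safe game name from request input, or null if it must be rejected.
function clean_gn($raw): ?string
{
    // ?gn[] makes PHP deliver an array; only accept a plain string.
    if (!is_string($raw)) {
        return null;
    }
    // Allowlist: letters, digits, underscore, hyphen. No dots, slashes or quotes,
    // so "../" sequences and markup cannot get through.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw)) {
        return null;
    }
    return $raw;
}

// Build the comment file path and confirm it stays inside the base directory.
function comment_path(string $baseDir, string $gn): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = $base . DIRECTORY_SEPARATOR . $gn . '.txt';
    // Defence in depth: the parent of the target must be the base directory itself.
    if (dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Encode for HTML output so a value can never close an attribute or open a tag.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs mirroring the kinds of values reported in the thread.
$samples = ['pong', ['x'], '../agentsteal', "'><marquee>vulnerable</marquee>"];
foreach ($samples as $raw) {
    $gn = clean_gn($raw);
    $shown = is_string($raw) ? h($raw) : '(array)';
    echo $shown, ' => ', $gn === null ? 'rejected' : 'accepted', PHP_EOL;
}
```

Only the first sample is accepted; the array, the `../` value and the markup value are all rejected before any file is written or any HTML is produced.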
