helraizer Posted December 31, 2007

Hi folks, I think it's pretty secure by now, from what I've learned.

www.helraizer.co.uk/guestbook

Please test it for me.

Sam
agentsteal Posted December 31, 2007

Cross Site Scripting:
http://www.helraizer.co.uk/guestbook/ddgb1.php5/"><marquee><h1>vulnerable

Full Path Disclosure:
There is Full Path Disclosure on http://www.helraizer.co.uk/guestbook/config.php if the PHPSESSID cookie contains an invalid value.

Warning: session_start() [function.session-start]: The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /home/sites/helraizer.co.uk/public_html/guestbook/config.php on line 196
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/helraizer.co.uk/public_html/guestbook/config.php:196) in /home/sites/helraizer.co.uk/public_html/guestbook/config.php on line 196
Warning: Unknown(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0
Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

Full Path Disclosure:
There is Full Path Disclosure on http://www.helraizer.co.uk/guestbook/ddgb-verify.php if the PHPSESSID cookie contains an invalid value.

Warning: session_start() [function.session-start]: The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /home/sites/helraizer.co.uk/public_html/guestbook/config.php on line 196
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/helraizer.co.uk/public_html/guestbook/config.php:196) in /home/sites/helraizer.co.uk/public_html/guestbook/config.php on line 196
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/helraizer.co.uk/public_html/guestbook/config.php:196) in /home/sites/helraizer.co.uk/public_html/guestbook/ddgb-verify.php on line 37
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/helraizer.co.uk/public_html/guestbook/config.php:196) in /home/sites/helraizer.co.uk/public_html/guestbook/ddgb-verify.php on line 38
Warning: Cannot modify header information - headers already sent by (output started at /home/sites/helraizer.co.uk/public_html/guestbook/config.php:196) in /home/sites/helraizer.co.uk/public_html/guestbook/ddgb-verify.php on line 39
Warning: Unknown(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0
Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
Coreye Posted December 31, 2007

It's easy to flood by pressing refresh. Might think about a new host. That one loads pretty slow.
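The three findings in the two replies above (PHP warnings leaking the server path when PHPSESSID is malformed, the reflected XSS through the script path, and flood-by-refresh) each have a small, standard fix. The following is an added example written for this thread; it is not code from helraizer's guestbook or from any poster. It assumes a PHP 5 era file-session setup like the one the warnings suggest, and the file name (guestbook.php), form field names (name, message), storage file (entries.txt) and the 30-second throttle are all made up for the example.

```php
<?php
// Added example, not code from helraizer's guestbook or from any poster.
// Hardens a minimal guestbook against the three findings in the thread.

// --- 1. Never let PHP warnings reach the browser; log them instead. ---
// The full path disclosure above is simply display_errors being on.
// In production this belongs in php.ini rather than in the script.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

// --- 2. Discard a malformed PHPSESSID before session_start() runs. ---
// session_start() reads the id from $_COOKIE, so unsetting the entry makes
// PHP mint a fresh id instead of warning about invalid characters.
function dropInvalidSessionCookie($name = 'PHPSESSID') {
    if (isset($_COOKIE[$name]) && !preg_match('/^[A-Za-z0-9]{1,128}$/', $_COOKIE[$name])) {
        unset($_COOKIE[$name]);
        return false;   // cookie was rejected
    }
    return true;
}
dropInvalidSessionCookie();
session_start();

// --- 3. Escape everything echoed into HTML, including the script path. ---
// Echoing $_SERVER['PHP_SELF'] unescaped into a form action reflects whatever
// follows the script name in the URL (the ddgb1.php5/"><marquee> request
// above). basename() drops trailing path info; h() escapes the remainder.
function h($s) {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}
$self = h(basename($_SERVER['PHP_SELF']));

// --- 4. Stop flood-by-refresh: per-session throttle plus POST-redirect-GET. ---
$minSecondsBetweenPosts = 30;   // assumed value for the example
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $now  = time();
    $last = isset($_SESSION['last_post']) ? $_SESSION['last_post'] : 0;
    if ($now - $last < $minSecondsBetweenPosts) {
        $_SESSION['flash'] = 'Please wait before posting again.';
    } else {
        $name    = isset($_POST['name']) ? trim($_POST['name']) : '';
        $message = isset($_POST['message']) ? trim($_POST['message']) : '';
        if ($name !== '' && $message !== '') {
            saveEntry($name, $message);   // assumed storage helper, defined below
            $_SESSION['last_post'] = $now;
            $_SESSION['flash'] = 'Thanks for signing!';
        }
    }
    // Redirect after POST: a browser refresh now repeats a harmless GET.
    header('Location: ' . $self, true, 303);
    exit;
}

// Minimal tab-separated append-only storage, assumed for the example.
function saveEntry($name, $message) {
    $line = str_replace(array("\r", "\n"), ' ', $name) . "\t"
          . str_replace(array("\r", "\n"), ' ', $message) . "\n";
    file_put_contents(__DIR__ . '/entries.txt', $line, FILE_APPEND | LOCK_EX);
}

function loadEntries() {
    $file = __DIR__ . '/entries.txt';
    if (!is_file($file)) return array();
    $rows = array();
    foreach (file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $l) {
        $rows[] = explode("\t", $l, 2);
    }
    return $rows;
}
?>
<!DOCTYPE html>
<html><head><meta charset="utf-8"><title>Guestbook</title></head><body>
<?php if (!empty($_SESSION['flash'])): ?>
  <p><?php echo h($_SESSION['flash']); unset($_SESSION['flash']); ?></p>
<?php endif; ?>
<form method="post" action="<?php echo $self; ?>">
  <input name="name" maxlength="40"> <textarea name="message"></textarea>
  <button type="submit">Sign</button>
</form>
<?php foreach (loadEntries() as $row): ?>
  <p><b><?php echo h($row[0]); ?></b>: <?php echo h(isset($row[1]) ? $row[1] : ''); ?></p>
<?php endforeach; ?>
</body></html>
```

The order matters: the ini_set calls and the cookie check run before session_start(), and session_start() runs before any HTML is sent, which is also what removes the "headers already sent" cascade in the warnings above. Note that the throttle is per session, so it only raises the cost of refresh flooding; a host-level rate limit is the stronger control.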
helraizer (Author) Posted December 31, 2007

Thanks for the replies. I've fixed the XSS problem; I will get working on solutions to the other problems in the new year.

Happy New Year, by the way.

Sam