Cross Site Scripting:

When editing your profile you can submit code and it executes.

http://blconline.co.uk/login/userinfo.blc?user=123456

 

Cross Site Scripting:

http://blconline.co.uk/whois/index.blc?domain=%22%3E%3Cmarquee%3E%3Ch1%3Evulnerable&lookup=%3E%3E

 

How would I fix this issue?
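An added example (not part of the original thread or the site's code) of one way to handle the `domain` parameter reported above: reject non-string input such as `domain[]`, accept only hostname-shaped values, and HTML-encode anything echoed back. The function names and form markup are assumptions, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example: hypothetical handling of the "domain" parameter on a page
// such as whois/index.blc. Function names are illustrative.

/** Return a validated, lower-cased hostname, or null if the input is not one. */
function clean_domain($raw): ?string
{
    // domain[]=... arrives as an array; passing it to string functions emits
    // a warning (and, with display_errors on, the script's full path).
    if (!is_string($raw)) {
        return null;
    }
    $domain = strtolower(trim($raw));
    if ($domain === '' || strlen($domain) > 253) {
        return null;
    }
    // Labels of letters, digits and hyphens, separated by dots; two or more labels.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (!preg_match('/^' . $label . '(?:\.' . $label . ')+$/D', $domain)) {
        return null;
    }
    return $domain;
}

/** Encode a value for HTML text or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$domain = clean_domain($_GET['domain'] ?? null);
?>
<form method="get" action="">
  <input type="text" name="domain" value="<?= h($domain ?? '') ?>">
  <input type="submit" name="lookup" value="Lookup">
</form>
<?php if ($domain === null && isset($_GET['domain'])): ?>
  <p>Please enter a valid domain name.</p>
<?php elseif ($domain !== null): ?>
  <p>Results for <?= h($domain) ?>:</p>
<?php endif; ?>
```

The same `h()` encoding applies wherever profile fields are printed, so stored input is rendered as text instead of markup.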

 

Full Path Disclosure:

http://blconline.co.uk/adsys/banner.blc

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/marksie/public_html/blacklime/adsys/banner.blc on line 4

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/marksie/public_html/blacklime/adsys/banner.blc on line 4

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/marksie/public_html/blacklime/adsys/banner.blc on line 5

 

Block this directory; http://blconline.co.uk/adsys/.


OK thanks, I have fixed this now :)

Block This directory; http://blconline.co.uk/inc/

 

Full Path Disclosure:

http://blconline.co.uk/login/userinfo.blc

Warning: Cannot modify header information - headers already sent by (output started at /home/marksie/public_html/blacklime/inc/header.blc:16) in /home/marksie/public_html/blacklime/login/userinfo.blc on line 12

 

Full Path Disclosure:

http://blconline.co.uk/inc/right.blc

Fatal error: Call to a member function isMod() on a non-object in /home/marksie/public_html/blacklime/inc/right.blc on line 58

 

Full Path Disclosure:

http://blconline.co.uk/inc/footer.blc

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/marksie/public_html/blacklime/inc/footer.blc on line 55

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/marksie/public_html/blacklime/inc/footer.blc on line 55

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/marksie/public_html/blacklime/inc/footer.blc on line 56

)

 

 

      Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/marksie/public_html/blacklime/inc/footer.blc on line 62

 

      Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/marksie/public_html/blacklime/inc/footer.blc on line 62

 

      Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/marksie/public_html/blacklime/inc/footer.blc on line 6

 

Full Path Disclosure:

http://blconline.co.uk/inc/footer.blc

Fatal error: Call to a member function getNumMembers() on a non-object in /home/marksie/public_html/blacklime/inc/footer.blc on line 92

 


OK, I have done this now, but I have no idea how to stop this one:

 

Fatal error: Call to a member function isMod() on a non-object in /home/marksie/public_html/blacklime/inc/right.blc on line 58
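An added example (not code from the thread or from the site) of two measures that stop this kind of message reaching visitors: errors are logged instead of displayed, and an include-only file refuses to run when it is requested directly. The constant `BLC_ENTRY`, the variable `$user`, and the log path are assumptions; the code assumes PHP 7.1 or later.

```php
<?php
// Added example. The first part belongs at the top of every entry page,
// before any output. BLC_ENTRY and the log path are assumed names.

define('BLC_ENTRY', true);

function harden_errors(string $logFile): void
{
    error_reporting(E_ALL);            // still record everything...
    ini_set('display_errors', '0');    // ...but never print it to visitors
    ini_set('log_errors', '1');
    ini_set('error_log', $logFile);    // keep this file outside the web root

    // Fatal errors such as "Call to a member function ... on a non-object"
    // end the script; answer with a generic page instead of the PHP message.
    register_shutdown_function(function () {
        $e = error_get_last();
        $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR;
        if ($e !== null && ($e['type'] & $fatal) && !headers_sent()) {
            http_response_code(500);
            echo 'Something went wrong. Please try again later.';
        }
    });
}

harden_errors('/path/outside/webroot/php-error.log');  // placeholder path

// --- first lines of an include-only file such as inc/right.blc ---
// When the file is requested directly, no entry page has run, so BLC_ENTRY
// is undefined and the objects the file expects do not exist.
if (!defined('BLC_ENTRY')) {
    http_response_code(404);
    exit;
}

// $user is a hypothetical name for the object the include expects.
if (isset($user) && is_object($user) && $user->isMod()) {
    // moderator-only markup goes here
}
```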

Array:

http://www.blconline.co.uk/whois/index.blc?lookup&domain[]

 

Cross Site Scripting:

http://www.blconline.co.uk/whois/index.blc?lookup&domain="><marquee><h1>vulnerable</marquee>

 

Full Path Disclosure:

http://www.blconline.co.uk/directory/dirupdate.php?www[]

Warning: urldecode() expects parameter 1 to be string, array given in /home/marksie/public_html/blacklime/directory/dirupdate.php on line 4

 

Warning: Cannot modify header information - headers already sent by (output started at /home/marksie/public_html/blacklime/directory/dirupdate.php:4) in /home/marksie/public_html/blacklime/directory/dirupdate.php on line 7

 

Full Path Disclosure:

http://www.blconline.co.uk/login/userpics/delimg.blc

Warning: unlink(/home/marksie/public_html/blacklime/login/userpics/) [function.unlink]: Is a directory in /home/marksie/public_html/blacklime/login/userpics/delimg.blc on line 17

 

Warning: Cannot modify header information - headers already sent by (output started at /home/marksie/public_html/blacklime/login/userpics/delimg.blc:17) in /home/marksie/public_html/blacklime/login/userpics/delimg.blc on line 24

 

Full Path Disclosure:

http://www.blconline.co.uk/login/userinfo.blc

Warning: Cannot modify header information - headers already sent by (output started at /home/marksie/public_html/blacklime/inc/header.blc:16) in /home/marksie/public_html/blacklime/login/userinfo.blc on line 12

blconline.co.uk

 

Full Path Disclosure:

http://www.blconline.co.uk/price/popupprice.blc

Warning: require_once(../inc/settings.blc) [function.require-once]: failed to open stream: No such file or directory in /home/marksie/public_html/blacklime/price/popupprice.blc on line 1

 

Fatal error: require_once() [function.require]: Failed opening required '../inc/settings.blc' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/marksie/public_html/blacklime/price/popupprice.blc on line 1

 

Full Path Disclosure:

http://www.blconline.co.uk/inc/right.blc

Fatal error: Call to a member function isAdmin() on a non-object in /home/marksie/public_html/blacklime/inc/right.blc on line 59

 

Full Path Disclosure:

http://www.blconline.co.uk/inc/footer.blc

Fatal error: Call to a member function getNumMembers() on a non-object in /home/marksie/public_html/blacklime/inc/footer.blc on line 92

 

Includes Directory:

http://www.blconline.co.uk/login/include/

 

META Tag Injection:

http://www.blconline.co.uk/whois/index.blc?lookup&domain=<meta+http-equiv='Set-cookie'+content='vulnerable=true'>

 

URL Inclusion:

http://www.blconline.co.uk/directory/dirupdate.php?www=http://www.google.com/

OK, I have now blocked most of this (removed the whois, too much hassle), but I don't know how to block the following thing. Could someone point me in the right direction or show me how to do it?

 

 
