
vulnerability test please


chrisx84


Block this directory: http://vampirecity.cx-music.com/includes/

Block this directory: http://vampirecity.cx-music.com/games/

Block this directory: http://vampirecity.cx-music.com/games/includes/

Block this directory: http://vampirecity.cx-music.com/forum/includes/

Block this directory: http://vampirecity.cx-music.com/inc/

 

Full Path Disclosure:

http://vampirecity.cx-music.com/games/includes/footer.php

Warning: main(googlebottom.php) [function.main]: failed to open stream: No such file or directory in /home/www/vampirecity.cx-music.com/games/includes/footer.php on line 3

 

Warning: main() [function.include]: Failed opening 'googlebottom.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/www/vampirecity.cx-music.com/games/includes/footer.php on line 3

 

Full Path Disclosure:

http://vampirecity.cx-music.com/includes/footer.php

Warning: main(googlebottom.php) [function.main]: failed to open stream: No such file or directory in /home/www/vampirecity.cx-music.com/includes/footer.php on line 6

 

Warning: main() [function.include]: Failed opening 'googlebottom.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/www/vampirecity.cx-music.com/includes/footer.php on line 6

 

Cross Site Scripting:

You can submit code in the subject and content when creating threads on the forum.

 

Cross Site Scripting:

You can submit code in the subject and content when creating posts on the forum.

 

Cross Site Scripting:

You can submit code in the subject and content when creating private messages.

 

Cross Site Scripting:

You can submit code in all fields when editing your profile.

http://vampirecity.cx-music.com/profile/lol

 

Cross Site Scripting:

You can submit code when creating a coven.

http://vampirecity.cx-music.com/coven/covensearch.php

http://vampirecity.cx-music.com/covensimwith.php?u=lol

 

Array:

http://vampirecity.cx-music.com/covensimwith.php?u[]

 

Array:

http://vampirecity.cx-music.com/friendswith.php?u[]

 

Array:

http://vampirecity.cx-music.com/contest.php?contest[]

 

You can read other users' private messages when forwarding the message by changing the ID.

 

http://vampirecity.cx-music.com/journalview.php?j=154 - Easy to flood by pressing refresh.

 

Cross Site Scripting:

You can submit code in the content when adding comments.

http://vampirecity.cx-music.com/journalview.php?j=154

 

Full Path Disclosure:

http://vampirecity.cx-music.com/ShoppingCart.php

Warning: Cannot modify header information - headers already sent by (output started at /home/www/vampirecity.cx-music.com/includes/header2.php:26) in /home/www/vampirecity.cx-music.com/inc/functions/Cart_Functions.php on line 380

 

SQL Error - Full Path Disclosure:

http://vampirecity.cx-music.com/newusers.php?page='

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/www/vampirecity.cx-music.com/newusers.php on line 256

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

Cross Site Scripting:

You can submit code in both fields when adding a journal.

http://vampirecity.cx-music.com/journal/lol

Link to comment
Share on other sites

Array:

http://vampirecity.cx-music.com/covensimwith.php?u[]

 

Array:

http://vampirecity.cx-music.com/friendswith.php?u[]

 

Array:

http://vampirecity.cx-music.com/friendsof.php?u[]

 

Array:

http://vampirecity.cx-music.com/contest.php?contest[]

 

Array:

http://vampirecity.cx-music.com/miq.php?mi[]

 

Array:

http://vampirecity.cx-music.com/bdays.php?bmonth[]

 

Cross Site Scripting:

There is Cross Site Scripting if the Expect header contains code.

 

Cross Site Scripting:

There is Cross Site Scripting when you edit your profile if the fields contain ">code.

 

Cross Site Scripting:

There is Cross Site Scripting in the videos if the fields contain code.

 

Cross Site Scripting:

There is Cross Site Scripting in the pictures if a comment contains code.

 

Cross Site Scripting:

There is Cross Site Scripting when you submit questions if the mi contains ">code.

 

Drop Down Menu:

If you edit the drop down menus on the edit profile page you can submit arbitrary values.

 

Full Path Disclosure:

http://vampirecity.cx-music.com/includes/footer.php

Warning: main(googlebottom.php) [function.main]: failed to open stream: No such file or directory in /home/www/vampirecity.cx-music.com/includes/footer.php on line 6

 

Full Path Disclosure:

http://vampirecity.cx-music.com/games/includes/footer.php

Warning: main(googlebottom.php) [function.main]: failed to open stream: No such file or directory in /home/www/vampirecity.cx-music.com/games/includes/footer.php on line 3

 

Warning: main() [function.include]: Failed opening 'googlebottom.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/www/vampirecity.cx-music.com/games/includes/footer.php on line 3

 

Warning: main() [function.include]: Failed opening 'googlebottom.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/www/vampirecity.cx-music.com/includes/footer.php on line 6

 

Full Path Disclosure:

There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.

Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/www/vampirecity.cx-music.com/includes/header2.php on line 10

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/www/vampirecity.cx-music.com/includes/header2.php:10) in /home/www/vampirecity.cx-music.com/includes/header2.php on line 10

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/www/vampirecity.cx-music.com/includes/header2.php:10) in /home/www/vampirecity.cx-music.com/includes/header2.php on line 10

 

Warning: Cannot modify header information - headers already sent by (output started at /home/www/vampirecity.cx-music.com/includes/header2.php:10) in /home/www/vampirecity.cx-music.com/includes/header2.php on line 11

 

Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/www/vampirecity.cx-music.com/includes/header2.php on line 10

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/www/vampirecity.cx-music.com/includes/header2.php:10) in /home/www/vampirecity.cx-music.com/includes/header2.php on line 10

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/www/vampirecity.cx-music.com/includes/header2.php:10) in /home/www/vampirecity.cx-music.com/includes/header2.php on line 10

 

Warning: Cannot modify header information - headers already sent by (output started at /home/www/vampirecity.cx-music.com/includes/header2.php:10) in /home/www/vampirecity.cx-music.com/includes/header2.php on line 11

 

Full Path Disclosure:

http://vampirecity.cx-music.com/bdays.php?orderby='

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/www/vampirecity.cx-music.com/bdays.php on line 41

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

Full Path Disclosure:

http://vampirecity.cx-music.com/forum/includes/footer.php

Warning: main(googlebottom.php) [function.main]: failed to open stream: No such file or directory in /home/www/vampirecity.cx-music.com/forum/includes/footer.php on line 3

 

Warning: main() [function.include]: Failed opening 'googlebottom.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/www/vampirecity.cx-music.com/forum/includes/footer.php on line 3

 

Full Path Disclosure:

http://vampirecity.cx-music.com/ShoppingCart.php

Warning: Cannot modify header information - headers already sent by (output started at /home/www/vampirecity.cx-music.com/includes/header2.php:26) in /home/www/vampirecity.cx-music.com/inc/functions/Cart_Functions.php on line 137

 

Includes Directory:

http://vampirecity.cx-music.com/inc/

 

Includes Directory:

http://vampirecity.cx-music.com/includes/

 

Includes Directory:

http://vampirecity.cx-music.com/games/

 

Includes Directory:

http://vampirecity.cx-music.com/forum/includes/

 

Log File:

http://vampirecity.cx-music.com/images/WS_FTP.LOG

Link to comment
Share on other sites
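
The array-parameter, SQL-error, path-disclosure and cross-site scripting findings in the two posts above share a small set of fixes. The following is an added example, not part of either post and not the site's own code; the helper names, the `users` table, its columns and the sample request are constructed for illustration, and PDO with SQLite is assumed so the script runs offline.

```php
<?php
// Added example: names, schema and sample data are constructed, not taken from the site.
ini_set('display_errors', '0');   // warnings go to the log, not the page (no path disclosure)
ini_set('log_errors', '1');

// Constructed request mirroring the reported inputs: ?page=' &orderby=' &u[]
$_GET = ['page' => "'", 'orderby' => "'", 'u' => ['']];

// Accept a parameter only when it is a string; "u[]" arrives as an array and is rejected.
function scalar_param(string $name): ?string
{
    $value = $_GET[$name] ?? null;
    return is_string($value) ? $value : null;
}

// Page numbers must be positive integers; anything else falls back to page 1.
function page_param(string $name): int
{
    $page = filter_var(scalar_param($name), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $page === false ? 1 : $page;
}

// ORDER BY cannot be a bound parameter, so map the request value onto an allow-list.
function order_column(string $name, array $allowed, string $default): string
{
    $value = scalar_param($name);
    return in_array($value, $allowed, true) ? $value : $default;
}

// Escape at output time; ENT_QUOTES also covers values placed inside attributes.
function e(?string $text): string
{
    return htmlspecialchars($text ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (username TEXT, bmonth INTEGER)');
$pdo->exec("INSERT INTO users VALUES ('\"><b>lol</b>', 3), ('alice', 1)");

$perPage = 20;
$orderBy = order_column('orderby', ['username', 'bmonth'], 'username');
$stmt = $pdo->prepare("SELECT username, bmonth FROM users ORDER BY $orderBy LIMIT :lim OFFSET :off");
$stmt->bindValue(':lim', $perPage, PDO::PARAM_INT);
$stmt->bindValue(':off', (page_param('page') - 1) * $perPage, PDO::PARAM_INT);
$stmt->execute();

foreach ($stmt as $row) {
    echo '<li title="', e($row['username']), '">', e($row['username']), "</li>\n";
}
var_dump(scalar_param('u'));   // u[] is an array, so the helper reports it as missing
```

The include directories and the WS_FTP.LOG file listed in the posts are a web-server configuration matter (deny direct requests to those paths) and are not covered by this script.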
