bluebyyou Posted January 12, 2008

www.wiuartinny.com

Test account info:
email: test@test.com
pass: testme

Can a couple of people log in, try uploading a couple images, etc. Also look for any possible vulnerabilities that I have overlooked. Thanks in advance.

Also, I do know that the account info and photo uploads do not work.

Link to comment https://forums.phpfreaks.com/topic/85721-please-test-my-site/

Coreye Posted January 12, 2008

SQL Error: http://www.wiuartinny.com/account.php?page
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-24, 24' at line 1

Full Path Disclosure: http://www.wiuartinny.com/account.php?page[]
Fatal error: Unsupported operand types in /home/content/w/i/u/wiuartinny/html/account.php on line 48

agentsteal Posted January 12, 2008

Array: http://www.wiuartinny.com/thumb.php?src[]

Cross Site Scripting: There is Cross Site Scripting when you upload an image if the title contains code.

Directory Traversal: http://www.wiuartinny.com/thumb.php?src=../images/title.jpg&display=medium

Drop Down Menu: If you edit the drop down menu on http://www.wiuartinny.com/account.php you can submit arbitrary values.

DOS: There is a DOS if you submit 9999999999999999999999 in the drop down menu on http://www.wiuartinny.com/account.php.

Full Path Disclosure: http://www.wiuartinny.com/gallery.php?id[]
Warning: preg_match() expects parameter 2 to be string, array given in /home/content/w/i/u/wiuartinny/html/gallery.php on line 10
Unknown column 'Array' in 'where clause'

Full Path Disclosure: http://www.wiuartinny.com/thumb.php
<br /> <b>Warning</b>: imagecreatefromjpeg(): gd-jpeg: JPEG library reports unrecoverable error: in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>6</b><br />
<br /> <b>Warning</b>: imagecreatefromjpeg(): 'uploads/' is not a valid JPEG file in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>6</b><br />
<br /> <b>Warning</b>: imagesx(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>7</b><br />
<br /> <b>Warning</b>: imagesy(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>8</b><br />
<br /> <b>Warning</b>: Division by zero in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>48</b><br />
<br /> <b>Warning</b>: Division by zero in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>49</b><br />
<br /> <b>Warning</b>: imagecreatetruecolor(): Invalid image dimensions in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>79</b><br />
<br /> <b>Warning</b>: imagecreatetruecolor(): Invalid image dimensions in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>89</b><br />
<br /> <b>Warning</b>: imagecopyresized(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>90</b><br />
<br /> <b>Warning</b>: imagejpeg(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>92</b><br />
<br /> <b>Warning</b>: imagedestroy(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>93</b><br />

Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie contains an invalid value.
Warning: session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /home/content/w/i/u/wiuartinny/html/account.php on line 1
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/content/w/i/u/wiuartinny/html/account.php:1) in /home/content/w/i/u/wiuartinny/html/account.php on line 1
Warning: Cannot modify header information - headers already sent by (output started at /home/content/w/i/u/wiuartinny/html/account.php:1) in /home/content/w/i/u/wiuartinny/html/account.php on line 174
Warning: Unknown(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0
Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

Full Path Disclosure: http://www.wiuartinny.com/thumb.php?src=a
<br /> <b>Warning</b>: imagecreatefromjpeg(uploads/a): failed to open stream: No such file or directory in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>6</b><br />
<br /> <b>Warning</b>: imagesx(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>7</b><br />
<br /> <b>Warning</b>: imagesy(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>8</b><br />
<br /> <b>Warning</b>: Division by zero in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>48</b><br />
<br /> <b>Warning</b>: Division by zero in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>49</b><br />
<br /> <b>Warning</b>: imagecreatetruecolor(): Invalid image dimensions in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>79</b><br />
<br /> <b>Warning</b>: imagecreatetruecolor(): Invalid image dimensions in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>89</b><br />
<br /> <b>Warning</b>: imagecopyresized(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>90</b><br />
<br /> <b>Warning</b>: imagejpeg(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>92</b><br />
<br /> <b>Warning</b>: imagedestroy(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>93</b><br />

Full Path Disclosure: http://www.wiuartinny.com/thumb.php?src=655.jpg
<br /> <b>Warning</b>: imagecreatetruecolor(): Invalid image dimensions in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>79</b><br />
<br /> <b>Warning</b>: imagecreatetruecolor(): Invalid image dimensions in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>89</b><br />
<br /> <b>Warning</b>: imagecopyresized(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>90</b><br />
<br /> <b>Warning</b>: imagejpeg(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>92</b><br />
<br /> <b>Warning</b>: imagedestroy(): supplied argument is not a valid Image resource in <b>/home/content/w/i/u/wiuartinny/html/thumb.php</b> on line <b>93</b><br />

Full Path Disclosure: http://www.wiuartinny.com/account.php?page[]
Fatal error: Unsupported operand types in /home/content/w/i/u/wiuartinny/html/account.php on line 48

SQL Error: http://www.wiuartinny.com/gallery.php?page='
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-24, 24' at line 1

SQL Error: http://www.wiuartinny.com/account.php?page='
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-24, 24' at line 1

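The page, page[] and thumb.php?src= findings in the post above all trace back to request values used without a type or range check. The following is an added example, not code from the site or from anyone in the thread: one way to parse those two parameters in PHP so that arrays, empty values and "../" never reach the query or the image functions. The function names, the uploads base directory and the page size of 24 (inferred from the '-24, 24' in the quoted SQL error) are assumptions.

```php
<?php
// Added example (not the site's code). Names, the 24-per-page size and the
// uploads directory are assumptions made for illustration.
ini_set('display_errors', '0');   // keep warnings (and server paths) out of responses
ini_set('log_errors', '1');       // send them to the server log instead

const PER_PAGE = 24;

// Turn a raw ?page value into a LIMIT offset. Arrays (?page[]), empty values
// (?page) and anything other than 1-6 digits fall back to the first page, so
// the offset is always a non-negative integer.
function page_offset($raw, int $perPage = PER_PAGE): int
{
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,5}$/D', $raw)) {
        return 0;
    }
    return ((int) $raw - 1) * $perPage;
}

// Resolve a raw ?src value to a regular file inside $baseDir, or null.
// realpath() collapses "../", so the prefix check sees the real location.
function resolve_upload($raw, string $baseDir): ?string
{
    if (!is_string($raw) || $raw === '' || strpos($raw, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $raw);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed inputs mirroring the request shapes quoted in the thread.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'uploads_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . '655.jpg', 'demo');
foreach ([null, '', ['x'], "'", '0', '3'] as $page) {
    echo json_encode($page), ' => offset ', page_offset($page), "\n";
}
foreach (['655.jpg', '../images/title.jpg', ['x'], 'a'] as $src) {
    $found = resolve_upload($src, $dir);
    echo json_encode($src), ' => ', json_encode($found, JSON_UNESCAPED_SLASHES), "\n";
}
unlink($dir . DIRECTORY_SEPARATOR . '655.jpg');
rmdir($dir);
```

Because page_offset() returns an int, the LIMIT clause no longer carries request text; a null from resolve_upload() should end the request with a plain 404 before any image function is called.
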
bluebyyou (Author) Posted January 12, 2008

I will start working on those. Did you think it was easy to use? Was it easy to understand the way it worked?

bluebyyou (Author) Posted January 13, 2008

Did anyone that tested have any feedback on how they liked using it or not?