ahzulfi Posted January 18, 2008

Hello, I have made a video sharing script. I didn't take any source code of any script, it is made from scratch, and I hope it's hacker safe... Here is the link: http://tune.pk

I am still working on it, but it is ready for a test. Please comment.

Coreye Posted January 18, 2008

Includes Directory: http://tune.pk/includes/

Full Path Disclosure: http://tune.pk/includes/active.php
Fatal error: Call to undefined function Assign() in /home/tuneepk/public_html/includes/active.php on line 45

Full Path Disclosure: http://tune.pk/includes/defined_links.php
Fatal error: Call to undefined function Assign() in /home/tuneepk/public_html/includes/defined_links.php on line 45

Full Path Disclosure: http://tune.pk/includes/modules.php
Warning: mysql_query() [function.mysql-query]: Access denied for user 'tuneepk'@'localhost' (using password: NO) in /home/tuneepk/public_html/includes/modules.php on line 18
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/tuneepk/public_html/includes/modules.php on line 18
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tuneepk/public_html/includes/modules.php on line 19

Full Path Disclosure: http://tune.pk/includes/playerconfig/config.xml.php
true true 3 On Press start to play true
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/tuneepk/public_html/includes/playerconfig/config.xml.php:15) in /home/tuneepk/public_html/includes/config.inc.php on line 18
/home/tuneepk/public_html/videos/ http://tune.pk/includes/playerconfig/videolist.xml.php video1.flv ./ 50 0x550000 0x6C6C6C 0x000000 0x474747 0xB62A2A 0xFF3333 0xDBDBDB 0x515151 Up Left http://www.tufat.com logo.jpg true true 375 450 80 100 _blank 50 Down false 0x000000 0x9F9F9F 30 true service@clip-bucket.com Clip-Bucket true

Full Path Disclosure: http://tune.pk/includes/templatelib/Template_Compiler.class.php
Fatal error: Class 'Smarty' not found in /home/tuneepk/public_html/includes/templatelib/Template_Compiler.class.php on line 35

Full Path Disclosure: http://tune.pk/includes/classes/TFile.php
Parse error: syntax error, unexpected ':' in /home/tuneepk/public_html/includes/classes/TFile.php on line 11

Coreye Posted January 18, 2008

Full Path Disclosure: http://tune.pk/view_channel.php?user=%3E
Warning: Cookie names can not contain any of the folllowing '=,; \t\r\n\013\014' (view_>) in /home/tuneepk/public_html/includes/classes/user.class.php on line 439

ahzulfi (Author) Posted January 18, 2008

Thanks COREYE. Well, as you know, I haven't finished making this script. I know all the errors you just quoted in your first post, but the 2nd one is really unknown for me. Thanks for this, and also tell me how to CLEAN this mess.

ahzulfi (Author) Posted January 18, 2008

OK, I resolved it. Now please tell me if I have any other vulnerability or anything unsafe from hackers.

Thanks,
Arslan

lynxus Posted January 18, 2008

You still have full directory listing! Either edit your Apache config to disable it, or just do what I do sometimes and add a blank index.html to every directory lol

Coreye Posted January 18, 2008

Only thing that was fixed was:

Full Path Disclosure: http://tune.pk/view_channel.php?user=%3E
Warning: Cookie names can not contain any of the folllowing '=,; \t\r\n\013\014' (view_>) in /home/tuneepk/public_html/includes/classes/user.class.php on line 439

All of the others still exist.

agentsteal Posted January 18, 2008

Array: http://www.tune.pk/view_channel.php?user[]

Cross Site Scripting: http://www.tune.pk/compose.php?msg=<marquee><h1>vulnerable</marquee>

Full Path Disclosure: http://www.tune.pk/phpinfo.php

Full Path Disclosure: http://www.tune.pk/channels.php?page=-1
Fatal error: Call to a member function recordcount() on a non-object in /home/tuneepk/public_html/channels.php on line 57

Full Path Disclosure: http://www.tune.pk/channels.php?order[]
Warning: Illegal offset type in /home/tuneepk/public_html/channels.php on line 34
Warning: Illegal offset type in /home/tuneepk/public_html/channels.php on line 48

Full Path Disclosure: http://www.tune.pk/includes/classes/captcha/example.php?code[]
Warning: md5() expects parameter 1 to be string, array given in /home/tuneepk/public_html/includes/classes/captcha/class.img_validator.php on line 129
Warning: ereg() [function.ereg]: REG_EMPTY in /home/tuneepk/public_html/includes/classes/captcha/class.img_validator.php on line 152

Full Path Disclosure: http://www.tune.pk/includes/classes/captcha/example2.php?code[]
Warning: md5() expects parameter 1 to be string, array given in /home/tuneepk/public_html/includes/classes/captcha/class.img_validator.php on line 129
Warning: ereg() [function.ereg]: REG_EMPTY in /home/tuneepk/public_html/includes/classes/captcha/class.img_validator.php on line 152

Full Path Disclosure: http://www.tune.pk/includes/active.php
Fatal error: Call to undefined function Assign() in /home/tuneepk/public_html/includes/active.php on line 45

Full Path Disclosure: http://www.tune.pk/includes/defined_links.php
Fatal error: Call to undefined function Assign() in /home/tuneepk/public_html/includes/defined_links.php on line 45

Full Path Disclosure: http://www.tune.pk/includes/modules.php
Warning: mysql_query() [function.mysql-query]: Access denied for user 'tuneepk'@'localhost' (using password: NO) in /home/tuneepk/public_html/includes/modules.php on line 18
Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/tuneepk/public_html/includes/modules.php on line 18
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tuneepk/public_html/includes/modules.php on line 19

Full Path Disclosure: http://www.tune.pk/includes/adodb/adodb.php
Fatal error: Call to undefined method stdClass::Connect() in /home/tuneepk/public_html/includes/adodb/adodb.php on line 5

Full Path Disclosure: http://www.tune.pk/includes/adodb/contrib/toxmlrpc.inc.php
Warning: require_once(xmlrpc.inc) [function.require-once]: failed to open stream: No such file or directory in /home/tuneepk/public_html/includes/adodb/contrib/toxmlrpc.inc.php on line 20
Fatal error: require_once() [function.require]: Failed opening required 'xmlrpc.inc' (include_path='.:/usr/local/php5/lib/php') in /home/tuneepk/public_html/includes/adodb/contrib/toxmlrpc.inc.php on line 20

Full Path Disclosure: http://www.tune.pk/includes/adodb/datadict/datadict-firebird.inc.php
Fatal error: Class 'ADODB_DataDict' not found in /home/tuneepk/public_html/includes/adodb/datadict/datadict-firebird.inc.php on line 13

Full Path Disclosure: http://www.tune.pk/includes/adodb/drivers/adodb-pdo_mssql.inc.php
Fatal error: Class 'ADODB_pdo' not found in /home/tuneepk/public_html/includes/adodb/drivers/adodb-pdo_mssql.inc.php on line 13

Full Path Disclosure: http://www.tune.pk/includes/adodb/drivers/adodb-pdo_mysql.inc.php
Fatal error: Class 'ADODB_pdo' not found in /home/tuneepk/public_html/includes/adodb/drivers/adodb-pdo_mysql.inc.php on line 13

Full Path Disclosure: http://www.tune.pk/includes/adodb/drivers/adodb-pdo_oci.inc.php
Fatal error: Class 'ADODB_pdo_base' not found in /home/tuneepk/public_html/includes/adodb/drivers/adodb-pdo_oci.inc.php on line 13

Full Path Disclosure: http://www.tune.pk/includes/adodb/drivers/adodb-pdo_pgsql.inc.php
Fatal error: Class 'ADODB_pdo' not found in /home/tuneepk/public_html/includes/adodb/drivers/adodb-pdo_pgsql.inc.php on line 12

Full Path Disclosure: http://www.tune.pk/includes/adodb/drivers/adodb-sybase_ase.inc.php
Warning: require_once(ADODB_DIR/drivers/adodb-sybase.inc.php) [function.require-once]: failed to open stream: No such file or directory in /home/tuneepk/public_html/includes/adodb/drivers/adodb-sybase_ase.inc.php on line 14
Fatal error: require_once() [function.require]: Failed opening required 'ADODB_DIR/drivers/adodb-sybase.inc.php' (include_path='.:/usr/local/php5/lib/php') in /home/tuneepk/public_html/includes/adodb/drivers/adodb-sybase_ase.inc.php on line 14

Full Path Disclosure: http://www.tune.pk/includes/adodb/pear/Auth/Container/ADOdb.php
Warning: require_once(Auth/Container.php) [function.require-once]: failed to open stream: No such file or directory in /home/tuneepk/public_html/includes/adodb/pear/Auth/Container/ADOdb.php on line 23
Fatal error: require_once() [function.require]: Failed opening required 'Auth/Container.php' (include_path='.:/usr/local/php5/lib/php') in /home/tuneepk/public_html/includes/adodb/pear/Auth/Container/ADOdb.php on line 23

Full Path Disclosure: http://www.tune.pk/includes/adodb/session/adodb-compress-bzip2.php
Fatal error: bzip2 functions are not available in /home/tuneepk/public_html/includes/adodb/session/adodb-compress-bzip2.php on line 14

Full Path Disclosure: http://www.tune.pk/includes/adodb/session/adodb-encrypt-secret.php
Fatal error: Directory not found: '/home/tuneepk/public_html/includes/horde' in /home/tuneepk/public_html/includes/adodb/session/adodb-encrypt-secret.php on line 16

Full Path Disclosure: http://www.tune.pk/includes/adodb/session/old/adodb-cryptsession.php
Warning: include(/home/tuneepk/public_html/includes/adodb/session/old/adodb.inc.php) [function.include]: failed to open stream: No such file or directory in /home/tuneepk/public_html/includes/adodb/session/old/adodb-cryptsession.php on line 64
Warning: include() [function.include]: Failed opening '/home/tuneepk/public_html/includes/adodb/session/old/adodb.inc.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/tuneepk/public_html/includes/adodb/session/old/adodb-cryptsession.php on line 64

Full Path Disclosure: http://www.tune.pk/includes/adodb/session/old/adodb-session-clob.php
Warning: include(/home/tuneepk/public_html/includes/adodb/session/old/adodb.inc.php) [function.include]: failed to open stream: No such file or directory in /home/tuneepk/public_html/includes/adodb/session/old/adodb-session-clob.php on line 90
Warning: include() [function.include]: Failed opening '/home/tuneepk/public_html/includes/adodb/session/old/adodb.inc.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/tuneepk/public_html/includes/adodb/session/old/adodb-session-clob.php on line 90

Full Path Disclosure: http://www.tune.pk/includes/adodb/session/old/adodb-session.php
Warning: include(/home/tuneepk/public_html/includes/adodb/session/old/adodb.inc.php) [function.include]: failed to open stream: No such file or directory in /home/tuneepk/public_html/includes/adodb/session/old/adodb-session.php on line 100
Warning: include() [function.include]: Failed opening '/home/tuneepk/public_html/includes/adodb/session/old/adodb.inc.php' for inclusion (include_path='.:/usr/local/php5/lib/php') in /home/tuneepk/public_html/includes/adodb/session/old/adodb-session.php on line 100

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/benchmark.php
Fatal error: Class 'VARIANT' not found in /home/tuneepk/public_html/includes/adodb/drivers/adodb-ado5.inc.php on line 42

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/pdo.php
Fatal error: Class 'PDO' not found in /home/tuneepk/public_html/includes/adodb/drivers/adodb-pdo.inc.php on line 166

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test-active-record.php
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: NO) in /home/tuneepk/public_html/includes/adodb/drivers/adodb-mysql.inc.php on line 365
Fatal error: Call to undefined method stdClass::Execute() in /home/tuneepk/public_html/includes/adodb/tests/test-active-record.php on line 18

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test-active-recs2.php
Notice: Use of undefined constant OCI_COMMIT_ON_SUCCESS - assumed 'OCI_COMMIT_ON_SUCCESS' in /home/tuneepk/public_html/includes/adodb/adodb.inc.php on line 4084
Fatal error: Call to a member function ServerInfo() on a non-object in /home/tuneepk/public_html/includes/adodb/tests/test-active-recs2.php on line 21

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test-datadict.php
Notice: Use of undefined constant ODBC_BINMODE_RETURN - assumed 'ODBC_BINMODE_RETURN' in /home/tuneepk/public_html/includes/adodb/adodb.inc.php on line 4084
Notice: Use of undefined constant SQL_CUR_USE_DRIVER - assumed 'SQL_CUR_USE_DRIVER' in /home/tuneepk/public_html/includes/adodb/adodb.inc.php on line 4084
Notice: Use of undefined constant ODBC_BINMODE_RETURN - assumed 'ODBC_BINMODE_RETURN' in /home/tuneepk/public_html/includes/adodb/adodb.inc.php on line 4084
Notice: Use of undefined constant SQL_CUR_USE_DRIVER - assumed 'SQL_CUR_USE_DRIVER' in /home/tuneepk/public_html/includes/adodb/adodb.inc.php on line 4084
Fatal error: Call to undefined function pg_escape_string() in /home/tuneepk/public_html/includes/adodb/drivers/adodb-postgres64.inc.php on line 241

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test-php5.php
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: NO) in /home/tuneepk/public_html/includes/adodb/drivers/adodb-mysql.inc.php on line 365

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test-xmlschema.php
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: NO) in /home/tuneepk/public_html/includes/adodb/drivers/adodb-mysql.inc.php on line 365

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test.php
Warning: mysql_pconnect() [function.mysql-pconnect]: Access denied for user 'root'@'localhost' (using password: NO) in /home/tuneepk/public_html/includes/adodb/drivers/adodb-mysql.inc.php on line 383
Notice: Trying to get property of non-object in /home/tuneepk/public_html/includes/adodb/tests/testdatabases.inc.php on line 244

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test2.php
Fatal error: Class 'VARIANT' not found in /home/tuneepk/public_html/includes/adodb/drivers/adodb-ado5.inc.php on line 42

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test3.php
Notice: Use of undefined constant OCI_COMMIT_ON_SUCCESS - assumed 'OCI_COMMIT_ON_SUCCESS' in /home/tuneepk/public_html/includes/adodb/adodb.inc.php on line 4084

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/test4.php
Warning: mysql_pconnect() [function.mysql-pconnect]: Access denied for user 'root'@'localhost' (using password: NO) in /home/tuneepk/public_html/includes/adodb/drivers/adodb-mysql.inc.php on line 383
Fatal error: Class 'PDO' not found in /home/tuneepk/public_html/includes/adodb/drivers/adodb-pdo.inc.php on line 166

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testcache.php
Warning: mysql_pconnect() [function.mysql-pconnect]: Unknown MySQL server host 'mangrove' (1) in /home/tuneepk/public_html/includes/adodb/drivers/adodb-mysql.inc.php on line 383
Fatal error: Call to a member function GetArray() on a non-object in /home/tuneepk/public_html/includes/adodb/tests/testcache.php on line 27

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testdatabases.inc.php
Fatal error: Call to undefined function ADOLoadCode() in /home/tuneepk/public_html/includes/adodb/tests/testdatabases.inc.php on line 295

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testoci8.php
Notice: Use of undefined constant OCI_COMMIT_ON_SUCCESS - assumed 'OCI_COMMIT_ON_SUCCESS' in /home/tuneepk/public_html/includes/adodb/adodb.inc.php on line 4084
Fatal error: Call to undefined function OCIParse() in /home/tuneepk/public_html/includes/adodb/drivers/adodb-oci8.inc.php on line 1001

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testoci8cursor.php
Notice: Use of undefined constant OCI_COMMIT_ON_SUCCESS - assumed 'OCI_COMMIT_ON_SUCCESS' in /home/tuneepk/public_html/includes/adodb/adodb.inc.php on line 4084
Fatal error: Call to undefined function OCIParse() in /home/tuneepk/public_html/includes/adodb/drivers/adodb-oci8.inc.php on line 790

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testpaging.php
Notice: Use of undefined constant OCI_COMMIT_ON_SUCCESS - assumed 'OCI_COMMIT_ON_SUCCESS' in /home/tuneepk/public_html/includes/adodb/adodb.inc.php on line 4084
/tmp/a1/adodb_a181357cebe358f933ab1260fe0237d1.cache cache failure: /tmp/a1/adodb_a181357cebe358f933ab1260fe0237d1.cache file/URL not found (see sql below)
Fatal error: Call to undefined function OCIParse() in /home/tuneepk/public_html/includes/adodb/drivers/adodb-oci8.inc.php on line 1001

Full Path Disclosure: http://www.tune.pk/includes/adodb/tests/testpear.php
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: NO) in /home/tuneepk/public_html/includes/adodb/drivers/adodb-mysql.inc.php on line 365
Fatal error: Call to undefined method PEAR_Error::setFetchMode() in /home/tuneepk/public_html/includes/adodb/tests/testpear.php on line 24

Full Path Disclosure: http://www.tune.pk/includes/classes/TFile.php
Parse error: syntax error, unexpected ':' in /home/tuneepk/public_html/includes/classes/TFile.php on line 11

Full Path Disclosure: http://www.tune.pk/includes/playerconfig/config.xml.php
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/tuneepk/public_html/includes/playerconfig/config.xml.php:15) in /home/tuneepk/public_html/includes/config.inc.php on line 18
/home/tuneepk/public_html/videos/ http://tune.pk/includes/playerconfig/videolist.xml.php video1.flv ./ 50 0x550000

Full Path Disclosure: http://www.tune.pk/includes/templatelib/Template_Compiler.class.php
Fatal error: Class 'Smarty' not found in /home/tuneepk/public_html/includes/templatelib/Template_Compiler.class.php on line 35

Full Path Disclosure: http://www.tune.pk/includes/templatelib/plugins/modifier.date_format.php
Fatal error: Call to a member function _get_plugin_filepath() on a non-object in /home/tuneepk/public_html/includes/templatelib/plugins/modifier.date_format.php on line 11

Includes Directory: http://www.tune.pk/includes/

Insecure Cookie: You shouldn't put the username in the cookie.

SQL Dump: http://www.tune.pk/includes/adodb/session/adodb-sessions.mysql.sql
SQL Dump: http://www.tune.pk/includes/adodb/session/adodb-sessions.oracle.clob.sql
SQL Dump: http://www.tune.pk/includes/adodb/session/adodb-sessions.oracle.sql
SQL Dump: http://www.tune.pk/includes/adodb/tests/test-datadict.php

User Enumeration: http://www.tune.pk/~tuneepk

ahzulfi (Author) Posted January 18, 2008

Thank you bros, I have removed all the above given errors {I guess}, but please tell me how I can prevent the Includes Directory access. Although I have put the index.php file in it, I know nothing about MOD_REWRITE??? So please tell me how I can change the Includes Directory access privileges.

And please tell me if there are more bugs, so that I can fix them all, because I am going to sell this script in future.

Thanks,
Arslan

ahzulfi (Author) Posted January 18, 2008

And one more thing, I have used the POST method mostly, so is it possible to do VULNERABILITY through POST methods??

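Added example, not part of the thread and not tune.pk's code: one way in PHP to handle the kinds of input reported above (array-valued parameters such as user[] and order[], page=-1, markup echoed from msg) while keeping error text out of the response. The helper names are hypothetical, the sample requests are constructed, and PHP 7.1 or later is assumed; the helpers treat $_POST exactly as they treat $_GET.

```php
<?php
// Added example: hypothetical helpers, not code from the site under test.

// Log errors instead of printing them, so a failure never shows a server path.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

/** Return the parameter only if it is a non-empty string (user[] arrives as an array). */
function param_string(array $src, string $name, int $maxLen = 255): ?string
{
    $value = $src[$name] ?? null;
    if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
        return null;
    }
    return $value;
}

/** Username from an allow-list of characters, so ">" never reaches a cookie name. */
function param_username(array $src, string $name = 'user'): ?string
{
    $value = param_string($src, $name, 32);
    if ($value === null || preg_match('/\A[A-Za-z0-9_]+\z/', $value) !== 1) {
        return null;
    }
    return $value;
}

/** Page number as an integer >= 1; anything else (such as -1) becomes page 1. */
function param_page(array $src, string $name = 'page'): int
{
    $page = filter_var(param_string($src, $name, 10),
        FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $page === false ? 1 : $page;
}

/** Sort key checked against a fixed list before it is used as an array offset. */
function param_order(array $src, array $allowed, string $default): string
{
    $value = param_string($src, 'order', 32);
    return in_array($value, $allowed, true) ? $value : $default;
}

/** Escape text for HTML output so submitted markup is displayed, not rendered. */
function html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed requests mirroring the reported inputs; a real page would pass $_GET or $_POST.
$get  = ['user' => ['x'], 'page' => '-1', 'order' => ['x'],
         'msg' => '<marquee><h1>vulnerable</marquee>'];
$post = ['user' => 'demo_user', 'page' => '3', 'order' => 'views'];

foreach (['GET' => $get, 'POST' => $post] as $method => $request) {
    $user  = param_username($request);
    $page  = param_page($request);
    $order = param_order($request, ['date', 'views', 'name'], 'date');
    $msg   = html(param_string($request, 'msg') ?? '');
    printf("%s user=%s page=%d order=%s msg=%s\n",
        $method, $user ?? '(rejected)', $page, $order, $msg);
}
```

Input validation does not cover the includes directory itself; disabling directory listing in the Apache config, as lynxus suggests, is still needed.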