
VersatileBB Back on the track!


drisate


Full Path Disclosure:

http://versatilebb.com/demo/forum.php?target=/

Fatal error: Call to undefined function: htmlspecialchars_decode() in /home/versatil/public_html/demo/forum.php on line 252

 

Cross Site Scripting:

http://versatilebb.com/demo/index.php?target=profile&select=%22%3E%3Cmarquee%3E%3Ch1%3ECorey

 

Cross Site Scripting:

There's Cross Site Scripting if your post contains ">code.

Cross Site Scripting:

There's Cross Site Scripting when editing your profile if field 'Email:' contains ">code.

Cross Site Scripting:

There's Cross Site Scripting when editing your profile if field 'Email repeat' contains ">code.

Cross Site Scripting:

There's Cross Site Scripting when editing your profile if field 'Homepage' contains ">code.

Cross Site Scripting:

There's Cross Site Scripting when editing your profile if field 'ICQ:' contains ">code.

Cross Site Scripting:

There's Cross Site Scripting when editing your profile if field 'AIM:' contains ">code.

Cross Site Scripting:

There's Cross Site Scripting when editing your profile if field 'Yahoo:' contains ">code.

Cross Site Scripting:

There's Cross Site Scripting when editing your profile if field 'MSN:' contains ">code.

Cross Site Scripting:

There's Cross Site Scripting when editing add a forum board if the name or description contains ">code.

Link to comment
Share on other sites

Wow, thanks, that's gonna help :-) You found 2 new places.

If you have a sec take a look at

http://www.phpfreaks.com/forums/index.php/topic,183166.0.html

 

That could solve every problem in one shot.

 

I got the php error solved

Fatal error: Call to undefined function: htmlspecialchars_decode() in /home/versatil/public_html/demo/forum.php on line 252

 

But to have the target=/ stopped I am gonna have to restructure the page >.<

I really appreciate this. Thanks corvex :-) I hope my board can one day be as good as all the others out there.

Link to comment
Share on other sites

This isn't really security, but when you try to recover your password by writing in an email address, I can write anything in there. You shouldn't waste time searching MySQL if the inputted email address doesn't validate. I tried "hello123.com" which isn't a valid email add.

 

Hope that helps? - Oh and I have a question, did you make that earth logo yourself? Looks pretty good.

Link to comment
Share on other sites

I am currently testing a new script I made:

 

function safeEscapeString($string){ 
if (get_magic_quotes_gpc()) { 
return $string; 
} else { 
return mysql_real_escape_string($string); 
} 
} 

function cleanVar($string){ 
$string = trim($string); 
$string = safeEscapeString($string); 
$string = htmlentities($string); 
return $string; 
} 

if (isset($_POST)){
$empty = $POST_ = array();
foreach ($_POST as $varname => $varvalue) {
    if (empty($varvalue)) {
        $empty[$varname] = cleanVar($varvalue);
    } else {
        $POST_[$varname] = cleanVar($varvalue);
        //$POST_[$varname] = $varvalue;
        //echo "POST var $varname = $POST_[$varname]<br>"; // DEBUG
    }
}
}

if (isset($GET_)){
$empty = $GET_ = array();
foreach ($GET_ as $varname => $varvalue) {
    if (empty($varvalue)) {
        $empty[$varname] = cleanVar($varvalue);
    } else {
        $GET_[$varname] = cleanVar($varvalue);
        //$GET_[$varname] = $varvalue;
        //echo "GET var $varname = $GET_[$varname]<br>"; // DEBUG
    }
}
}

if (isset($COOKIE_)){
$empty = $COOKIE_ = array();
foreach ($COOKIE_ as $varname => $varvalue) {
    if (empty($varvalue)) {
        $empty[$varname] = cleanVar($varvalue);
    } else {
        $COOKIE_[$varname] = cleanVar($varvalue);
        //$COOKIE_[$varname] = $varvalue;
        //echo "COOKIE var $varname = $COOKIE_[$varname]<br>"; // DEBUG
    }
}
}

if (isset($REQUEST_)){
$empty = $REQUEST_ = array();
foreach ($REQUEST_ as $varname => $varvalue) {
    if (empty($varvalue)) {
        $empty[$varname] = cleanVar($varvalue);
    } else {
        $REQUEST_[$varname] = cleanVar($varvalue);
        //$REQUEST_[$varname] = $varvalue;
        //echo "REQUEST var $varname = $REQUEST_[$varname]<br>"; // DEBUG
    }
}
}

 

I found a software called "InfoRapid Search and Replace" that replaced all $_POST, $_GET, $_COOKIE and $_REQUEST with the cleaned versions $POST_, $GET_, $COOKIE_ and $REQUEST_ automatically, all in one shot, hehe. Saved me hours and didn't miss one! Anyway, I hope this is gonna solve every security issue.

 

About the email bug, I am gonna make it return an error message if not valid, thanks.

Link to comment
Share on other sites

would be more like

if (isset($_POST)){
$empty = $POST_ = array();
foreach ($_POST as $varname => $varvalue) {
    if (empty($varvalue)) {
        $empty[$varname] = $varvalue;
    } else {
        $POST_[$varname] = cleanVar($varvalue);
        //$POST_[$varname] = $varvalue;
        //echo "POST var $varname = $POST_[$varname]<br>"; // DEBUG
    }
}
}

if (isset($_GET)){
$empty = $GET_ = array();
foreach ($_GET as $varname => $varvalue) {
    if (empty($varvalue)) {
        $empty[$varname] = $varvalue;
    } else {
        $GET_[$varname] = cleanVar($varvalue);
        //$GET_[$varname] = $varvalue;
        //echo "GET var $varname = $GET_[$varname]<br>"; // DEBUG
    }
}
}

if (isset($_COOKIE)){
$empty = $COOKIE_ = array();
foreach ($_COOKIE as $varname => $varvalue) {
    if (empty($varvalue)) {
        $empty[$varname] = $varvalue;
    } else {
        $COOKIE_[$varname] = cleanVar($varvalue);
        //$COOKIE_[$varname] = $varvalue;
        //echo "COOKIE var $varname = $COOKIE_[$varname]<br>"; // DEBUG
    }
}
}

if (isset($_REQUEST)){
$empty = $REQUEST_ = array();
foreach ($_REQUEST as $varname => $varvalue) {
    if (empty($varvalue)) {
        $empty[$varname] = $varvalue;
    } else {
        $REQUEST_[$varname] = cleanVar($varvalue);
        //$REQUEST_[$varname] = $varvalue;
        //echo "REQUEST var $varname = $REQUEST_[$varname]<br>"; // DEBUG
    }
}
}

 

lol I call those beer typos hehe

Link to comment
Share on other sites
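
As an added example (not code from this thread or from VersatileBB), one way to handle the `">code` profile reports and the e-mail check discussed above: keep the submitted value raw, bind it as a query parameter, and encode it only when it is written into the HTML attribute. The in-memory SQLite database, the table layout and the function names are assumptions made for the illustration.

```php
<?php
// Added example, not VersatileBB code: store the raw value, encode on output.

/** Encode a value for HTML text and for quoted attribute values. */
function e(string $value): string
{
    // ENT_QUOTES encodes both " and ' so the value cannot close its attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// In-memory SQLite stands in for the board's MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profile (username TEXT PRIMARY KEY, homepage TEXT, email TEXT)');

function save_profile(PDO $db, string $username, string $homepage, string $email): bool
{
    // Reject malformed addresses before touching the database.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Bound parameters: no manual escaping, no dependence on magic quotes.
    $stmt = $db->prepare(
        'INSERT OR REPLACE INTO profile (username, homepage, email) VALUES (?, ?, ?)'
    );
    return $stmt->execute([$username, $homepage, $email]);
}

function render_profile_form(PDO $db, string $username): string
{
    $stmt = $db->prepare('SELECT homepage, email FROM profile WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC) ?: ['homepage' => '', 'email' => ''];
    // The database holds the raw text; encoding happens here, at the HTML boundary.
    return '<input name="homepage" value="' . e($row['homepage']) . '">' . "\n"
         . '<input name="email" value="' . e($row['email']) . '">';
}

// Constructed input shaped like the ">code values reported in this thread.
var_dump(save_profile($db, 'demo', '"><marquee><h1>Corey', 'hello123.com'));     // address fails validation
var_dump(save_profile($db, 'demo', '"><marquee><h1>Corey', 'demo@example.com')); // stored unchanged
echo render_profile_form($db, 'demo'), "\n";
```

Because the stored value is never entity-encoded, the same row can later be written into a plain-text e-mail or a JSON response with the encoding that context needs.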

Array:

http://www.versatilebb.com/demo/index.php?target=viewforum&select[]

 

Cross Site Scripting:

http://www.versatilebb.com/demo/index.php/"><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting if a post contains ">code.

 

Cross Site Scripting:

There is Cross Site Scripting in the profile if the fields contain ">code.

 

Full Path Disclosure:

http://www.versatilebb.com/demo/index.php?target[]

Fatal error: Call to undefined function: htmlspecialchars_decode() in /home/versatil/public_html/demo/forum.php on line 252

 

Full Path Disclosure:

http://www.versatilebb.com/demo/dereferrer.php?url[]

Warning: urldecode() expects parameter 1 to be string, array given in /home/versatil/public_html/demo/dereferrer.php on line 19

 

URL Inclusion:

http://www.versatilebb.com/demo/dereferrer.php?url=google.com

 

User Enumeration:

http://www.versatilebb.com/~root

 

User Enumeration:

http://www.versatilebb.com/~versatil

Link to comment
Share on other sites
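
An added example, not VersatileBB's own code, of the request handling that the `target[]`, `select[]`, `url[]` and `target=/` reports above point to: accept a parameter only when it is a string, map `target` through an allowlist, and keep PHP errors out of the response. The function names, the `index` default page and the numeric `select` value are assumptions.

```php
<?php
// Added example, not VersatileBB code. Errors go to the log, never to the page,
// so a failure cannot print the script's filesystem path to the visitor.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return a request parameter only if it is a plain, non-empty string.
 * A query such as ?target[]=x makes PHP build an array, and string
 * functions called on it raise the warnings quoted in the reports.
 */
function string_param(array $source, string $key, int $maxLen = 64): ?string
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;
    }
    $value = trim($source[$key]);
    return ($value !== '' && strlen($value) <= $maxLen) ? $value : null;
}

// Assumed allowlist: 'profile' and 'viewforum' appear in the reported URLs,
// 'index' is a hypothetical default page.
const TARGETS = ['index', 'profile', 'viewforum'];

function resolve_target(array $query): string
{
    $target = string_param($query, 'target');
    return in_array($target, TARGETS, true) ? $target : 'index';
}

function resolve_forum_id(array $query): ?int
{
    // Assumption: for viewforum, 'select' is a numeric forum id.
    $select = string_param($query, 'select', 10);
    // ctype_digit rejects signs, spaces and markup characters.
    return ($select !== null && ctype_digit($select)) ? (int) $select : null;
}

// Constructed query strings modelled on the reports in this thread.
$samples = ['target=/', 'target[]=', 'target=viewforum&select[]=', 'target=viewforum&select=3'];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    printf("%-28s => target=%s forum=%s\n", $qs, resolve_target($query),
        var_export(resolve_forum_id($query), true));
}
```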
