Daney11
Posted February 27, 2008

Hey guys,

Could you beta test my site please. This will be the first run of beta testing.

http://two.team-who.co.uk

Username: demo@demo.com
Password: milkshake

*Please note that the registration email link will not work and the user demo has level 5 access, they can do everything

Coreye
Posted February 28, 2008

Cross Site Scripting: You can submit ">code when creating a private message.

Cross Site Scripting: You can submit ">code when creating a sponsor.

Cross Site Scripting: You can submit ">code when editing and creating news.

SQL Error: http://two.team-who.co.uk/news_more.php?news_id=83&page=a

```
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1
```

SQL Error: http://two.team-who.co.uk/members.php?page=a

```
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1
```

Coreye
Posted February 28, 2008

Cross Site Scripting: You can submit ">code when using the forgot password page.

Full Path Disclosure: http://two.team-who.co.uk/CaptchaSecurityImages.php?width

```
Warning: imagecreate(): Invalid image dimensions in /home/www/teamoywho/CaptchaSecurityImages.php on line 27
```

activation.php on either two.nexiv.co.uk or two.team-who.co.uk doesn't exist.

You get an email filled with HTML after registering that looks like this: The HTML doesn't render.

```
Hi Corey Corey,<br /><br />Thank you for registering with Team Who.<br /><br />You can now login using your username and password. The account details are as follows:<br /><br />Username: XXXXXXXXX@yahoo.com<br />Password: test<br /><br />In order to use your account you will need to activate it by clicking the link below.<br />If you have any problems with activating your account then please contact us immediately.<br /><br />http://two.nexiv.co.uk/activate.php?member_code=cf824355741c677d23c3347c9a62bfe0<br /><br /><br /><br />Thank you<br />http://www.<br />Your Number ONE website for team solutions<br />
```

unsider
Posted February 28, 2008

That's a really nice looking site, I too play CSS occasionally, I can't test it out, but I messed around with it for a while, and everything was fine.

helraizer
Posted February 28, 2008

Full path disclosure

http://two.team-who.co.uk/CaptchaSecurityImages.php?width=1p

```
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 34
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 38
Warning: mt_rand() expects parameter 2 to be long, string given in /home/www/teamoywho/CaptchaSecurityImages.php on line 38
Warning: Cannot modify header information - headers already sent by (output started at /home/www/teamoywho/CaptchaSecurityImages.php:34) in /home/www/teamoywho/CaptchaSecurityImages.php on line 46
```

Daney11 (Author)
Posted February 28, 2008

FIXED
Cross Site Scripting: You can submit ">code when creating a private message.

FIXED - Was this on the sponsor modify? URL part?
Cross Site Scripting: You can submit ">code when creating a sponsor.

FIXED
Cross Site Scripting: You can submit ">code when editing and creating news.

FIXED
Cross Site Scripting: You can submit ">code when using the forgot password page.

This is being created..
activation.php on either two.nexiv.co.uk or two.team-who.co.uk doesn't exist.

FIXED
SQL Error: http://two.team-who.co.uk/news_more.php?news_id=83&page=a

> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1

FIXED
SQL Error: http://two.team-who.co.uk/members.php?page=a

> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1

HTML Email being fixed.

2 Questions:

How do I fix the captcha?

Full Path Disclosure: http://two.team-who.co.uk/CaptchaSecurityImages.php?width

> Warning: imagecreate(): Invalid image dimensions in /home/www/teamoywho/CaptchaSecurityImages.php on line 27

Full path disclosure http://two.team-who.co.uk/CaptchaSecurityImages.php?width=1p

```php
<?php
session_start();

class CaptchaSecurityImages {

    var $font = 'arial.ttf';

    function generateCode($characters) {
        /* list all possible characters, similar looking characters and vowels have been removed */
        $possible = '23456789AaBbCDdEeFfGgHhJjKLMmNnPQqRrSTtUVWXYyZ';
        $code = '';
        $i = 0;
        while ($i < $characters) {
            $code .= substr($possible, mt_rand(0, strlen($possible)-1), 1);
            $i++;
        }
        return $code;
    }

    function CaptchaSecurityImages($width='120',$height='40',$characters='6') {
        $code = $this->generateCode($characters);
        /* font size will be 50% of the image height */
        $font_size = $height * 0.50;
        $image = imagecreate($width, $height) or die('Cannot initialize new GD image stream');
        /* set the colours */
        $background_color = imagecolorallocate($image, 000, 000, 000);
        $text_color = imagecolorallocate($image, 250, 250, 250);
        $noise_color = imagecolorallocate($image, 000, 000, 000);
        /* generate random dots in background */
        for( $i=0; $i<($width*$height)/3; $i++ ) {
            imagefilledellipse($image, mt_rand(0,$width), mt_rand(0,$height), 1, 1, $noise_color);
        }
        /* generate random lines in background */
        for( $i=0; $i<($width*$height)/150; $i++ ) {
            imageline($image, mt_rand(0,$width), mt_rand(0,$height), mt_rand(0,$width), mt_rand(0,$height), $noise_color);
        }
        /* create textbox and add text */
        $textbox = imagettfbbox($font_size, 0, $this->font, $code) or die('Error in imagettfbbox function');
        $x = ($width - $textbox[4])/2;
        $y = ($height - $textbox[5])/2;
        imagettftext($image, $font_size, 0, $x, $y, $text_color, $this->font , $code) or die('Error in imagettftext function');
        /* output captcha image to browser */
        header('Content-Type: image/jpeg');
        imagejpeg($image);
        imagedestroy($image);
        $_SESSION['security_code'] = $code;
    }

}

$width = isset($_GET['width']) && $_GET['height'] < 600 ? $_GET['width'] : '120';
$height = isset($_GET['height']) && $_GET['height'] < 200 ? $_GET['height'] : '40';
$characters = isset($_GET['characters']) && $_GET['characters'] > 2 ? $_GET['characters'] : '6';

$captcha = new CaptchaSecurityImages($width,$height,$characters);

?>
```

Thanks for all your help guys.

*All errors have been fixed on my local machine and won't be viewable online at the moment.
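
The captcha warnings and the `page=a` SQL errors reported in this thread have the same cause: request parameters used as numbers without being validated as integers. The following is an added example, not code posted by anyone in the thread; `int_param()` is a hypothetical helper, and the lower size bounds, the 10-character cap and the 10 rows per page (inferred from `-10, 10` in the error) are assumptions.

```php
<?php
// Added example (not from the thread). int_param() is a hypothetical helper.

// Log errors server-side instead of printing them, so a warning never
// reveals filesystem paths to the client.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return $source[$name] as an int in [$min, $max]; fall back to $default when
 * the parameter is absent, an array, not a plain integer, or out of range.
 */
function int_param(array $source, $name, $default, $min, $max)
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return $default;
    }
    $value = filter_var($source[$name], FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => $min, 'max_range' => $max),
    ));
    return $value === false ? $default : $value;
}

// Constructed query strings mirroring the URLs reported above; in the real
// scripts pass $_GET instead of $query.
$samples = array('width', 'width=1p', 'width=300&height=80', 'page=a', 'page=3');

foreach ($samples as $qs) {
    parse_str($qs, $query);

    // Captcha: "below 600", "below 200" and "more than 2 characters" follow the
    // posted script; the lower size bounds and the 10-character cap are assumptions.
    $width      = int_param($query, 'width', 120, 40, 599);
    $height     = int_param($query, 'height', 40, 20, 199);
    $characters = int_param($query, 'characters', 6, 3, 10);

    // Pagination: page is always >= 1, so the LIMIT offset is never negative.
    $per_page = 10; // assumption
    $page     = int_param($query, 'page', 1, 1, 100000);
    $offset   = ($page - 1) * $per_page;

    printf("%-20s => %dx%d, %d chars, LIMIT %d, %d\n",
        $qs, $width, $height, $characters, $offset, $per_page);
}
```

The posted script's width check tests `$_GET['height']` rather than `$_GET['width']`, so its 600 limit is never applied to the width; validating each parameter by name, as above, removes that slip as well.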