
PHP Search PRO


hawkenterprises


Hello All,

Hawk Enterprises has just released its latest version of PHP Search Pro.

PHP Search Pro is an open source (free) script written in PHP that works off of keywords entered into it to pull up search terms. It's similar in the way Google creates their indexes. This is the second iteration of this project, so I'm hoping you won't find too many problems, just be able to tell me what new features I should add or what I should do to improve it.

PHP Search Pro

 


Array:

http://www.hawkenterprises.org/dev/phpsearchpro/admin/?search_text[]

Cross Site Scripting:

You can submit ">code when adding a new site.

SQL and Table Information:

INSERT INTO `search_data` VALUES (NULL,"\\\'","\\\'","\\\'","\\\'",0,CURRENT_TIMESTAMP(),0,0)Link successfully stored.

Full Path Disclosure:

http://www.hawkenterprises.org/dev/phpsearchpro/admin/editlisting.php

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/admin/editlisting.php on line 15

 

 


I appreciate the information; I fixed the problems.

Array:

http://www.hawkenterprises.org/dev/phpsearchpro/admin/?search_text[]

I attempted to figure out a way that is exploitable; to say the least, I didn't find a way. I couldn't backtick in, semi-colon break out, or javascript my way to freedom. I do find it horribly interesting that the parser actually converts [] to an array like that via get_string.

Thank you for your security audit :)


Array:

http://www.hawkenterprises.org/dev/phpsearchpro/admin/index.php?search_text[]

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.hawkenterprises.org/dev/phpsearchpro/admin/editlisting.php if the fields contain code.

 

Cross Site Scripting:

There is Cross Site Scripting on http://www.hawkenterprises.org/dev/phpsearchpro/entryform.php if the fields contain code.

 

Full Path Disclosure:

http://www.hawkenterprises.org/dev/phpsearchpro/generatedata.php

Warning: mysql_query() [function.mysql-query]: Access denied for user 'gerra0'@'localhost' (using password: NO) in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/generatedata.php on line 28

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/generatedata.php on line 28

Access denied for user 'gerra0'@'localhost' (using password: NO)INSERT INTO `search_data` VALUES (null,"neat","http://www.hawkenterprises.com","http://www.hawkenterprises.com","this is generated test data, testing load, functionality, etc.",0,CURRENT_TIMESTAMP(),0,0)

 

Full Path Disclosure:

http://www.hawkenterprises.org/dev/phpsearchpro/index.php

Warning: mysql_query() [function.mysql-query]: Access denied for user 'gerra0'@'localhost' (using password: NO) in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/search.php on line 3

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/search.php on line 3

 

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/search.php on line 3

 

Full Path Disclosure:

http://www.hawkenterprises.org/dev/phpsearchpro/admin/editlisting.php

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/admin/editlisting.php on line 15

 

Full Path Disclosure:

http://www.hawkenterprises.org/dev/phpsearchpro/search.php

Warning: mysql_query() [function.mysql-query]: Access denied for user 'gerra0'@'localhost' (using password: NO) in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/search.php on line 3

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/search.php on line 3

 

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/search.php on line 3

 

Full Path Disclosure:

http://www.hawkenterprises.org/dev/phpsearchpro/admin/search.php

Warning: mysql_query() [function.mysql-query]: Access denied for user 'gerra0'@'localhost' (using password: NO) in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/admin/search.php on line 3

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/admin/search.php on line 3

 

Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/gerra0/public_html/hawkenterprises/dev/phpsearchpro/admin/search.php on line 3

 

PHP Source Code Disclosure:

http://www.hawkenterprises.org/dev/phpsearchpro/phpsearchpro.zip

 

PHP Source Code Disclosure:

http://www.hawkenterprises.org/dev/phpsearchpro/results_stub.tpl

 

PHP Source Code Disclosure:

http://www.hawkenterprises.org/dev/phpsearchpro/admin/results.tpl

 

SQL Dump:

http://www.hawkenterprises.org/dev/phpsearchpro/database.sql

 

SQL Dump:

http://www.hawkenterprises.org/dev/phpsearchpro/admin/search.php

define('DBUSER','\''); define('DBPASS','\''); define('DBNAME','\''); define('DBHOST','\''); mysql_connect(DBHOST,DBUSER,DBPASS) or die(mysql_error()); if(!mysql_select_db(DBNAME)){ echo 'Unable to select database.'.mysql_error(); exit; }

 

SQL Dump:

http://www.hawkenterprises.org/dev/phpsearchpro/phpsearchpro.zip

 

SQL Dump:

http://www.hawkenterprises.org/dev/phpsearchpro/results.php?search_text

define('DBUSER','\''); define('DBPASS','\''); define('DBNAME','\''); define('DBHOST','\''); mysql_connect(DBHOST,DBUSER,DBPASS) or die(mysql_error()); if(!mysql_select_db(DBNAME)){ echo 'Unable to select database.'.mysql_error(); exit; } define('DBUSER','\''); define('DBPASS','\''); define('DBNAME','\''); define('DBHOST','\''); mysql_connect(DBHOST,DBUSER,DBPASS) or die(mysql_error()); if(!mysql_select_db(DBNAME)){ echo 'Unable to select database.'.mysql_error(); exit; }

 

SQL Dump:

http://www.hawkenterprises.org/dev/phpsearchpro/search.php

define('DBUSER','\''); define('DBPASS','\''); define('DBNAME','\''); define('DBHOST','\''); mysql_connect(DBHOST,DBUSER,DBPASS) or die(mysql_error()); if(!mysql_select_db(DBNAME)){ echo 'Unable to select database.'.mysql_error(); exit; }

 

SQL Dump:

There is an SQL Dump on http://www.hawkenterprises.org/dev/phpsearchpro/admin/editlisting.php if you submit the form.

UPDATE `search_data` set keyword = "",title= "",link="",description="" WHERE id=Link successfully stored.

 

SQL Dump:

http://www.hawkenterprises.org/dev/phpsearchpro/index.php

define('DBUSER','\''); define('DBPASS','\''); define('DBNAME','\''); define('DBHOST','\''); mysql_connect(DBHOST,DBUSER,DBPASS) or die(mysql_error()); if(!mysql_select_db(DBNAME)){ echo 'Unable to select database.'.mysql_error(); exit; }

 

SQL Dump:

http://www.hawkenterprises.org/dev/phpsearchpro/admin/editlisting.php

define('DBUSER','\''); define('DBPASS','\''); define('DBNAME','\''); define('DBHOST','\''); mysql_connect(DBHOST,DBUSER,DBPASS) or die(mysql_error()); if(!mysql_select_db(DBNAME)){ echo 'Unable to select database.'.mysql_error(); exit; }

 

SQL Dump:

http://www.hawkenterprises.org/dev/phpsearchpro/dbcreds.php

define('DBUSER','\''); define('DBPASS','\''); define('DBNAME','\''); define('DBHOST','\''); mysql_connect(DBHOST,DBUSER,DBPASS) or die(mysql_error()); if(!mysql_select_db(DBNAME)){ echo 'Unable to select database.'.mysql_error(); exit; }

 

SQL Dump:

http://www.hawkenterprises.org/dev/phpsearchpro/generatedata.php

define('DBUSER','\''); define('DBPASS','\''); define('DBNAME','\''); define('DBHOST','\''); mysql_connect(DBHOST,DBUSER,DBPASS) or die(mysql_error()); if(!mysql_select_db(DBNAME)){ echo 'Unable to select database.'.mysql_error(); exit; }

 

SQL Dump:

There is an SQL Dump on http://www.hawkenterprises.org/dev/phpsearchpro/entryform.php if you submit the form.

INSERT INTO `search_data` VALUES (NULL,"\\\'","\\\'","\\\'","\\\'",0,CURRENT_TIMESTAMP(),0,0)Link successfully stored.

 

User Enumeration:

http://www.hawkenterprises.org/~gerra0

 

User Enumeration:

http://www.hawkenterprises.org/~nobody

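The findings in this thread (the `search_text[]` array input, stored markup in the add-site fields, path-disclosing warnings, and the SQL text echoed next to "Link successfully stored") all come from the same few handling mistakes. Below is an added example of how a hardened handler for those inputs could look; it is not PHP Search Pro's own code, and it assumes a mysqli connection in `$db` and the `search_data` column names (keyword, title, link, description) that appear in the thread's UPDATE statement.

```php
<?php
// Added hardening example, not PHP Search Pro's own code. Assumes a mysqli
// connection in $db and the `search_data` columns named in the thread's UPDATE.

// Keep PHP warnings out of the response so a failed query cannot reveal the
// server path (the "Full Path Disclosure" findings); log them server-side instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Accept the parameter only as a plain string: "?search_text[]" makes PHP build
// an array, which the original script rendered as the word "Array".
function get_string_param(array $src, string $name, int $max = 200): ?string
{
    if (!isset($src[$name]) || !is_string($src[$name])) {
        return null;
    }
    $value = trim($src[$name]);
    return ($value === '' || strlen($value) > $max) ? null : $value;
}

// Escape on output so stored fields such as ">code cannot become markup.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Store a listing with a prepared statement; never echo the SQL text or
// mysql_error() to the visitor, as the "SQL Dump" findings show the script did.
function store_listing(mysqli $db, string $kw, string $title, string $link, string $desc): bool
{
    if (filter_var($link, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO `search_data` (keyword, title, link, description) VALUES (?, ?, ?, ?)');
    if ($stmt === false) {
        error_log('prepare failed: ' . $db->error); // server log only
        return false;
    }
    $stmt->bind_param('ssss', $kw, $title, $link, $desc);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

$term = get_string_param($_GET, 'search_text');
echo $term === null ? 'Please enter a search term.' : 'Results for ' . h($term);
```

The same `get_string_param` check applies to the form fields on entryform.php and editlisting.php, and `h()` should wrap every stored value when the results or edit pages print it.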
