Jump to content

my guestbook , please critisize !!!!!!

webtuto

By webtuto
in Beta Test Your Stuff!

 Share

Recommended Posts

Coreye Member

Coreye

Posted
Posted

SQL and Full Path Disclosure:

http://mixwebs.com/guest/home.php?page

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/sites/mixwebs.com/public_html/guest/home.php on line 166

 

Full Path Disclosure:

http://mixwebs.com/guest/delete.php

Warning: Cannot modify header information - headers already sent by (output started at /home/sites/mixwebs.com/public_html/guest/delete.php:15) in /home/sites/mixwebs.com/public_html/guest/delete.php on line 16

 

SQL:

http://mixwebs.com/guest/ban.php?ip='

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

 

Full Path Disclosure:

When you enter \ or ' for the admin login.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/sites/mixwebs.com/public_html/guest/login.php on line 7
hawkenterprises Newbie

hawkenterprises

Posted
Posted

http://mixwebs.com/guest/login.php

 

The username or password are mistaken please check theme again

 

should be "them"

 

 

Also when making a form with a post please try and tell the user what happen to their data.  When I entered my data, I had to scroll down to see what was going on, it should be informative and at the top.

 

Other than that looks good

ILYAS415 Member

ILYAS415

Posted
Posted

Login.php

SQL:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' and pass='71846103235986e3e3ded8d2dd717c7d'' at line 1

 

User.php

SQL Injection vunerability

', email='blabla

and this is what u get if u use the email column...

Unknown column 'email' in 'field list'

Basically someone can change a column name for their user

 

Full path disclosure:

When you enter ' as your new pass and ' as your old pass

Warning: Cannot modify header information - headers already sent by (output started at /home/sites/mixwebs.com/public_html/guest/pass.php:22) in /home/sites/mixwebs.com/public_html/guest/pass.php on line 23

 

You can fix by checking what the user types into the login boxes.

ILYAS415 Member

ILYAS415

Posted
Posted

http://mixwebs.com/guest/ban.php?ip='

SQL:

When you enter a ' as the ip.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1

 

Try filtering out html entities in the $_GET['ip'] thing

ILYAS415 Member

ILYAS415

Posted
Posted

SQL and Full Path Disclosure:

When you set the page number to 99999999999999999999999999999999999999 or when u type a minus number

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/sites/mixwebs.com/public_html/guest/home.php on line 104

 

make sure they havnt entered a page number below 0 and also make sure that the results go up to a certain page they type eg. their are results for page 999 but not for 999999999999999999999999999999999

 

Also major grammer and spelling:

When you type in an incorect username and pass...

The username or password are mistaken please check theme again

it should be...

The login information was incorrect. Please check them again.

 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.