
FragPegs.com Released!


Cross Site Scripting (XSS):

http://fragpegs.com/search.php?s="><marquee><h1>test

 

Cross Site Scripting (XSS):

You can submit ">code when adding posts to the forum.

 

Cross Site Scripting (XSS):

You can submit ">code when adding comments to the forum.

 

Cross Site Scripting (XSS):

You can submit ">code when adding comments to the games.

 

Cross Site Scripting (XSS):

You can submit ">code when adding comments to user profiles.

 

Cross Site Scripting (XSS):

You can submit ">code when adding games.

 

Cross Site Scripting (XSS):

You can submit ">code when adding an AIM screen name to your profile.

 

Cross Site Scripting (XSS):

You can submit ">code when adding an MSN screen name to your profile.

 

Cross Site Scripting (XSS):

You can submit ">code when adding a YIM screen name to your profile.

 

SQL:

http://fragpegs.com/members/?page=a

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10,10' at line 1

 

Full Path Disclosure:

http://fragpegs.com/members/?page[]

Fatal error: Unsupported operand types in /home/fragpegs/public_html/functions.php on line 733

 

Full Path Disclosure:

http://fragpegs.com/videos?page[]

Fatal error: Unsupported operand types in /home/fragpegs/public_html/functions.php on line 733

 

Full Path Disclosure:

http://fragpegs.com/categories?page[]

Fatal error: Unsupported operand types in /home/fragpegs/public_html/functions.php on line 733

 

SQL:

http://fragpegs.com/categories?page=a

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-14,7' at line 1

 

SQL:

http://fragpegs.com/videos?page=a

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10,10' at line 1

 

You can add blank forum posts.

 

You can add blank comments.


Full Path Disclosure and Table Information:

http://fragpegs.com/posts

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/fragpegs/public_html/functions.php on line 734

Table 'fragpegs_FragpegsVideos.0' doesn't exist

 

SQL:

http://fragpegs.com/clans?page=a

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10,10' at line 1

 

SQL:

http://fragpegs.com/notices?page=a

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10,10' at line 1
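The ?page=a and ?page[] findings in the two posts above all point at the same pagination code path, so here is an added example (not FragPegs.com's own code) that reconstructs the likely naive offset calculation next to a hardened one, plus the output encoding that would neutralise the search.php probe. The $pdo handle and the table name "videos" are assumed placeholders.

```php
<?php
// Added example, not FragPegs.com code. Reconstructs why ?page=a yields
// "LIMIT -10,10" and ?page[] yields "Unsupported operand types", then shows a
// hardened version. $pdo and the table name "videos" are assumed placeholders.

const PER_PAGE = 10;

// Naive offset, as the quoted errors suggest the site computed it. On the
// PHP 5 era stack implied by mysql_num_rows(), "a" silently becomes 0 and the
// query gets "LIMIT -10,10"; on PHP 8 a non-numeric string or an array
// throws TypeError "Unsupported operand types" instead.
function naiveOffset($page): int
{
    return ($page - 1) * PER_PAGE;
}

// Hardened: only a positive integer is accepted; anything else is page 1.
function safePage($raw): int
{
    if (is_array($raw)) {
        return 1;
    }
    $page = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $page === false ? 1 : $page;
}

function listVideos(PDO $pdo, $rawPage): array
{
    $offset = (safePage($rawPage) - 1) * PER_PAGE;
    // LIMIT/OFFSET are bound as integers, never interpolated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, title FROM videos ORDER BY id DESC LIMIT :lim OFFSET :off');
    $stmt->bindValue(':lim', PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding for echoed input such as the search term: quote and angle
// brackets in the marquee probe become inert entities instead of markup.
function renderSearchTerm(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Production setting that stops the full path disclosure: errors go to the log only.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

var_dump(safePage('a'), safePage([]), safePage('3'));
echo renderSearchTerm('"><marquee><h1>test'), PHP_EOL;
try { var_dump(naiveOffset('a')); } catch (TypeError $e) { echo $e->getMessage(), PHP_EOL; }
```

A blacklist that only strips <script> tags, as described later in the thread, does not replace the output encoding above, since HTML attributes and other elements can still carry active content.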

You can, however, use HTML code, which I allow, except that I filter out <script> tags. Maybe you could test that for an exploit?

 

I would not allow users to do that. That's just bad for security. As you can see, I added a redirect script.


Good Day! :)

 

I have just visited your site and played one of your clan videos. Brilliant, though the mute button doesn't work. Upon clicking the mute button, the video for some reason gets restarted?

 

All in all, the site is not bad. Keep up the good work. :)

 

Dysan
