
Penetration Testing


ghost's Avatar
0 0

Hi,

I've been coding my personal blog and have come to the point of releasing it to the public. I am now looking for people to try and hack the site. Anyone interested, post here.


mozzer

URL: PHP-GSY


Mr_Cheese's Avatar
0 1

If you want it professionally penetration tested, contact me and I can organise a very reasonable price. Full reports are given etc etc


ghost's Avatar
0 0

I meant it more as a challenge for the HBH users, but if I ever do need something like that done I'll keep you in mind


SySTeM's Avatar
-=[TheOutlaw]=-
20 0

"Copywrite" lolz :p


ghost's Avatar
0 0

Meh, someone has already pointed that out to me at school. Forgot to change it

Thanks system :):)


ghost's Avatar
0 0

Upon careful review of……1 minute, I have found…. dramatic sequence

Incorrect is spelt incorrect!

buahahahahah…:ninja:


ghost's Avatar
0 0

Where? Post a comment on the site so I can find it. (NB, you don't have to use a real email)

[EDIT=1] *Slaps head* [/EDIT]

ghost's Avatar
0 0

So this blog uses the readblog.php script to read blogs. So if I select some nonexistent id or I just don't select it at all (example: http://phpgsy.com/readblog.php?id=99) I can add comments on an empty blog?! It's not vuln, but still it should be fixed :) cya


ghost's Avatar
0 0

Well spotted, I never noticed that, thank you


ghost's Avatar
0 0

Again, a funny bug… in admin.php if you add the argument comment with some value it would add that value below the 'submit' button. Example: admin.php?comment=roflmao would add 'roflmao' below the submit button


AldarHawk's Avatar
The Manager
0 0

Most likely not anything big, but if you post a comment that is blank with all the other fields blank it still posts. Might want to add an if statement to avoid null floods.


ghost's Avatar
0 0

Well I tried some common xss'ploits and they didn't work.

Stupid html entities :X

:) - nice site


ghost's Avatar
0 0

@Aldar, yes I am going to be improving the comments to stop null and repeat comments


ghost's Avatar
0 0

only wrote: Again, a funny bug… in admin.php if you add the argument comment with some value it would add that value below the 'submit' button. Example: admin.php?comment=roflmao would add 'roflmao' below the submit button

I haven't found that, I dunno if that's just you. Anyone else seen it?


ghost's Avatar
0 0

only wrote: Again, a funny bug… in admin.php if you add the argument comment with some value it would add that value below the 'submit' button. Example: admin.php?comment=roflmao would add 'roflmao' below the submit button

mozzer wrote: I haven't found that, I dunno if that's just you. Anyone else seen it?

Doesn't work for me. "only", what browser are you using?


ghost's Avatar
0 0

My mistake, it's 'content' not 'comment' :)

I use Firefox btw

screenshot:


ghost's Avatar
0 0

That bug is now officially confirmed, works here too. Oh btw "only", please resize or remove that img pleeeaaase :P IT'S SO HUGE xD


ghost's Avatar
0 0

Done, sorry about that one :)


ghost's Avatar
0 0

I know it is a problem. It's the host's damn register_globals
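
The behaviour confirmed above (a `content` query parameter appearing below the submit button because the host has register_globals on), as an added example that is not part of the original posts and is not the blog's real code. The functions `render_vulnerable` and `render_hardened` and the form markup are hypothetical, and `extract()` stands in for register_globals, which current PHP no longer has.

```php
<?php
// Added illustration; the blog's real admin.php is not shown in the thread.
// register_globals was removed in PHP 5.4.0, so extract() emulates it here.

// Hypothetical "before": $content is assigned only on submit, then printed.
function render_vulnerable(array $get, array $post): string
{
    extract($get, EXTR_SKIP);            // what register_globals=On did implicitly
    if (isset($post['submit'])) {
        $content = $post['content'] ?? '';
    }
    $html = '<input type="submit" name="submit" value="Submit">';
    if (isset($content)) {               // set by ?content=... even with no submit
        $html .= "\n" . $content;        // printed raw
    }
    return $html;
}

// Hypothetical "after": same host setting, but the variable is initialised,
// filled only from the expected source, and escaped on output.
function render_hardened(array $get, array $post): string
{
    extract($get, EXTR_SKIP);            // host setting unchanged
    $content = '';                       // overwrites anything injected by the URL
    if (isset($post['submit']) && is_string($post['content'] ?? null)) {
        $content = $post['content'];
    }
    $html = '<input type="submit" name="submit" value="Submit">';
    if ($content !== '') {
        $html .= "\n" . htmlspecialchars($content, ENT_QUOTES, 'UTF-8');
    }
    return $html;
}

// Constructed request matching the thread: admin.php?content=roflmao, no POST.
$get = ['content' => 'roflmao'];
echo "before:\n", render_vulnerable($get, []), "\n\n";
echo "after:\n", render_hardened($get, []), "\n";
```

On PHP versions that still have the setting, and where the host permits per-directory overrides under Apache's PHP module, `php_flag register_globals off` in `.htaccess` removes the root cause.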


ghost's Avatar
0 0

OK, I have an idea. In the admin.php maybe you can change the author by a javainj or something and then try to log in? It's just a proposition, I dunno if it works, and I'm kinda busy lately so I have no time to try it out. Cheers


ghost's Avatar
0 0

No you can't change the author and log in like that.


ghost's Avatar
0 0

BBCode is now up. And I expect there are a few exploits there already


ghost's Avatar
0 0

Is it just me or is something fucked up? I can't post a comment…


ghost's Avatar
0 0

No, it must be just you, unless you are neglecting a field or something