Website vulnerability scanning service

.
Let Mortal Kombat begin
give me a fake registration on the host, I'll at least have some fun with it
.
Ares* (20.12.2010/15:28)
come on, write an example of the "holes"..
Here, look
Отчет сканирования:
All - (3) Errors - (0) Warnings - (1) Notices - (2)
1 - files scanned
/index.php
71:	echo $pr=(($i == 1 || $i == $num_pages || abs($i-$page) < 2) ? ($i == $page ? " [$i] " : ' <a href="'.$_SERVER['SCRIPT_NAME'].'?page='.$i.'">'.$i.'</a> ') : (($pr == ' ... ' || $pr == '')? '' : ' ... ')); 	Warning!
/index.php
3:	ini_set('user_agent', $_SERVER['HTTP_USER_AGENT']); 	Notice!
/index.php
36:	if(substr_count($_SERVER['HTTP_USER_AGENT'], 'MSIE')) 	Notice!
This is the Bash quote-book script; I think everyone knows it's full of holes (I mean the one that was in the Kollektiv engine)
.
WE Team
Cool service. A bit wrong, of course, but fine for a start..)
.
People, save water - drink beer...
Scanned John
result:
Отчет сканирования:
All - (196) Errors - (9) Warnings - (183) Notices - (4)
184 - files scanned
/download/makdir.php
51:	echo "<form action='?act=makdir&amp;cat=" . $_GET['cat'] . 	Error!
/install/index.php
106:	echo '<ul>При желании, Вы можете установить <a href="index.php?act=demo&amp;id=' . $user_id . '&amp;ps=' . $_POST['wpassadmina'] . 	Error!
/install/index.php
110:	echo '<hr /><a href="../login.php?id=' . $user_id . '&amp;p=' . $_POST['wpassadmina'] . '">Вход на сайт</a>'; 	Error!
/install/index.php
151:	echo "<p style='step'><a class='button' href='../login.php?id=" . $_GET['id'] . "&amp;p=" . $_GET['ps'] . "'>Вход на сайт</a></p>"; 	Error!
/panel/sys_set.php
24:	mysql_query("UPDATE `cms_settings` SET `val`='" . check($_POST['skindef']) . "' WHERE `key` = 'skindef'"); 	Error!
/panel/sys_set.php
27:	mysql_query("UPDATE `cms_settings` SET `val`='" . check($_POST['copyright']) . "' WHERE `key` = 'copyright'"); 	Error!
/panel/sys_set.php
28:	mysql_query("UPDATE `cms_settings` SET `val`='" . check($_POST['homeurl']) . "' WHERE `key` = 'homeurl'"); 	Error!
/panel/sys_set.php
32:	mysql_query("UPDATE `cms_settings` SET `val`='" . check($_POST['meta_key']) . "' WHERE `key` = 'meta_key'"); 	Error!
/panel/sys_set.php
33:	mysql_query("UPDATE `cms_settings` SET `val`='" . check($_POST['meta_desc']) . "' WHERE `key` = 'meta_desc'"); 	Error!
/captcha.php
147:	$credits = empty($credits) ? $_SERVER['HTTP_HOST'] : $credits; 	Warning!
/chat/index.php
162:	$msg = check(trim($_POST['msg'])); 	Warning!
/chat/index.php
267:	$nas = check($_POST['nas']); 	Warning!
/chat/index.php
268:	$msg = check(trim($_POST['msg'])); 	Warning!
/chat/index.php
467:	$parol = check($_POST['parol']); 	Warning!
/chat/who.php
26:	$id = intval(check($_GET['id'])); 	Warning!
/download/addkomm.php
41:	$msg = check(trim($_POST['msg'])); 	Warning!
/download/arc.php
66:	$f = $_GET['f']; 	Warning!
/download/cut.php
86:	$url = $_POST['url']; 	Warning!
/download/cut.php
87:	$a = check(trim($_POST['a'])); 	Warning!
/download/cut.php
90:	$way = check(trim($_POST['way'])); 	Warning!
/download/delcat.php
20:	$cat = $_GET['cat']; 	Warning!
/download/import.php
32:	$url = trim($_POST['url']); 	Warning!
/download/import.php
33:	$opis = check(trim($_POST['opis'])); 	Warning!
/download/import.php
34:	$newn = check(trim($_POST['newn'])); 	Warning!
/download/makdir.php
22:	$cat = $_GET['cat']; 	Warning!
/download/makdir.php
35:	$drn = check(trim($_POST['drn'])); 	Warning!
/download/makdir.php
36:	$rusn = check(trim($_POST['rusn'])); 	Warning!
/download/opis.php
37:	$newt = check(trim($_POST['newt'])); 	Warning!
/download/rat.php
38:	$rat = intval(check($_POST['rat'])); 	Warning!
/download/ren.php
33:	$newrus = check(trim($_POST['newrus'])); 	Warning!
/download/renf.php
38:	$newf = check(trim($_POST['newf'])); 	Warning!
/download/screen.php
72:	$uploadedfile = $_POST['fail1']; 	Warning!
/download/search.php
20:	$srh = check(trim($_GET['srh'])); 	Warning!
/download/search.php
28:	$srh = check(trim($_POST['srh'])); 	Warning!
/download/search.php
31:	$srh = check(trim($_GET['srh'])); 	Warning!
/download/search.php
37:	$start = $_GET['start']; 	Warning!
/download/select.php
21:	$cat = $_GET['cat']; 	Warning!
/download/upl.php
30:	$opis = check(trim($_POST['opis'])); 	Warning!
/download/upl.php
46:	$newname = check(trim($_POST['newname'])); 	Warning!
/download/upl.php
110:	$uploadedfile = $_POST['fail1']; 	Warning!
/download/upl.php
121:	$newname = check(trim($_POST['newname'])); 	Warning!
/download/upl.php
125:	$uploadedfile1 = $_POST['screens1']; 	Warning!
/forum/addfile.php
56:	$array = explode('file=', $_POST['fail1']); 	Warning!
/forum/addvote.php
29:	$vote_name = mb_substr(trim($_POST['name_vote']), 0, 50); 	Warning!
/forum/addvote.php
41:	$text = mb_substr(trim($_POST[$vote]), 0, 30); 	Warning!
/forum/editvote.php
55:	$vote_name = mb_substr(trim($_POST['name_vote']), 0, 50); 	Warning!
/forum/editvote.php
61:	$text = mb_substr(trim($_POST[$vote['id'] . 'vote']), 0, 30); 	Warning!
/forum/editvote.php
68:	$text = mb_substr(trim($_POST[$vote]), 0, 30); 	Warning!
/forum/filter.php
27:	= isset ($_GET['do']) ? trim($_GET['do']) : ''; 	Warning!
/forum/filter.php
37:	$users = isset ($_POST['users']) ? $_POST['users'] : ''; 	Warning!
/forum/loadtem.php
25:	$n = $_GET['n']; 	Warning!
/forum/massdel.php
38:	foreach ($_POST['delch'] as $v) { 	Warning!
/forum/new.php
35:	= isset ($_GET['do']) ? $_GET['do'] : ''; 	Warning!
/forum/nt.php
43:	$th = isset($_POST['th']) ? trim($_POST['th']) : ''; 	Warning!
/forum/nt.php
44:	$msg = isset($_POST['msg']) ? trim($_POST['msg']) : ''; 	Warning!
/forum/per.php
26:	$id = intval(check($_GET['id'])); 	Warning!
/forum/per.php
42:	$razd = intval(check($_POST['razd'])); 	Warning!
/forum/per.php
62:	$other = intval(check($_GET['other'])); 	Warning!
/forum/ren.php
26:	$id = intval(check($_GET['id'])); 	Warning!
/forum/ren.php
43:	$nn = check(trim($_POST['nn'])); 	Warning!
/forum/say.php
52:	$msg = trim($_POST['msg']); 	Warning!
/forum/say.php
144:	$msg = trim($_POST['msg']); 	Warning!
/forum/say.php
151:	$citata = trim($_POST['citata']); 	Warning!
/forum/search.php
29:	$search = isset ($_POST['search']) ? trim($_POST['search']) : ''; 	Warning!
/forum/search.php
30:	$search = $search ? $search : rawurldecode(trim($_GET['search'])); 	Warning!
/forum/thumbinal.php
24:	$file = isset ($_GET['file']) ? htmlspecialchars(urldecode($_GET['file'])) : NULL; 	Warning!
/forum/who.php
31:	$do = isset($_GET['do']) ? $_GET['do'] : ''; 	Warning!
/gallery/addkomm.php
39:	$msg = check(trim($_POST['msg'])); 	Warning!
/gallery/cral.php
35:	$text = check($_POST['text']); 	Warning!
/gallery/edf.php
34:	$text = check($_POST['text']); 	Warning!
/gallery/edit.php
31:	$text = check($_POST['text']); 	Warning!
/gallery/edit.php
43:	$text = check($_POST['text']); 	Warning!
/gallery/load.php
47:	$text = check($_POST['text']); 	Warning!
/gallery/load.php
96:	$uploadedfile = $_POST['fail1']; 	Warning!
/gallery/razd.php
22:	$text = check($_POST['text']); 	Warning!
/go.php
21:	$adres = trim($_POST['adres']); 	Warning!
/incfiles/class_ipinit.php
40:	return $_SERVER['HTTP_X_FORWARDED_FOR']; 	Warning!
/incfiles/class_ipinit.php
43:	return $_SERVER['REMOTE_ADDR']; 	Warning!
/incfiles/core.php
29:	$in = array(& $_GET, & $_POST, & $_COOKIE); 	Warning!
/incfiles/core.php
53:	$act = isset ($_GET['act']) ? trim($_GET['act']) : ''; 	Warning!
/incfiles/core.php
54:	$mod = isset ($_GET['mod']) ? trim($_GET['mod']) : ''; 	Warning!
/incfiles/core.php
55:	$do = isset ($_GET['do']) ? trim($_GET['do']) : ''; 	Warning!
/incfiles/core.php
187:	$user_id = intval(base64_decode($_COOKIE['cuid'])); 	Warning!
/install/index.php
60:	$log = trim($_POST['wnickadmina']); 	Warning!
/install/index.php
62:	$par = trim($_POST['wpassadmina']); 	Warning!
/install/index.php
64:	$meil = trim($_POST['wemailadmina']); 	Warning!
/install/index.php
65:	$hom = trim($_POST[whome]); 	Warning!
/install/index.php
66:	$brow = $_SERVER["HTTP_USER_AGENT"]; 	Warning!
/install/index.php
67:	$ip = $_SERVER["REMOTE_ADDR"]; 	Warning!
/install/index.php
158:	$dhost = trim($_POST['host']); 	Warning!
/install/index.php
159:	$duser = trim($_POST['user']); 	Warning!
/install/index.php
160:	$dpass = trim($_POST['pass']); 	Warning!
/install/index.php
161:	$dname = trim($_POST['name']); 	Warning!
/library/addkomm.php
46:	$msg = check(trim($_POST['msg'])); 	Warning!
/library/edit.php
43:	$text = trim($_POST['text']); 	Warning!
/library/edit.php
44:	$autor = isset ($_POST['autor']) ? check(trim($_POST['autor'])) : ''; 	Warning!
/library/edit.php
47:	$anons = mb_substr(trim($_POST['anons']), 0, 100); 	Warning!
/library/edit.php
67:	$text = check($_POST['text']); 	Warning!
/library/edit.php
87:	$text = check($_POST['text']); 	Warning!
/library/load.php
40:	$name = mb_substr($_POST['name'], 0, 50); 	Warning!
/library/load.php
81:	$anons = mb_substr($_POST['anons'], 0, 100); 	Warning!
/library/load.php
110:	$libedfile = $_POST['fail1']; 	Warning!
/library/load.php
164:	$anons = mb_substr($_POST['anons'], 0, 100); 	Warning!
/library/mkcat.php
39:	$text = check($_POST['text']); 	Warning!
/library/search.php
21:	$srh = trim($_POST['srh']); 	Warning!
/library/write.php
54:	$text = trim($_POST['text']); 	Warning!
/library/write.php
56:	$anons = mb_substr(trim($_POST['anons']), 0, 100); 	Warning!
/login.php
27:	$user_login = isset($_POST['n']) ? check($_POST['n']) : NULL; 	Warning!
/login.php
28:	$user_pass = isset($_REQUEST['p']) ? check($_REQUEST['p']) : NULL; 	Warning!
/login.php
30:	$user_code = isset($_POST['code']) ? trim($_POST['code']) : NULL; 	Warning!
/panel/mod_ads.php
28:	$from = isset ($_GET['from']) ? $_GET['from'] : ''; 	Warning!
/panel/mod_ads.php
106:	$color = mb_substr(trim($_POST['color']), 0, 6); 	Warning!
/panel/mod_ads.php
246:	$color = mb_substr(trim($_POST['color']), 0, 6); 	Warning!
/panel/mod_chat.php
65:	$nr = check($_POST['nr']); 	Warning!
/panel/mod_chat.php
66:	$tr = check($_POST['tr']); 	Warning!
/panel/mod_chat.php
127:	$nr = check(trim($_POST['nr'])); 	Warning!
/panel/mod_chat.php
128:	$tr = check(trim($_POST['tr'])); 	Warning!
/panel/mod_counters.php
146:	$name = isset ($_POST['name']) ? mb_substr(trim($_POST['name']), 0, 25) : ''; 	Warning!
/panel/mod_counters.php
147:	$link1 = isset ($_POST['link1']) ? trim($_POST['link1']) : ''; 	Warning!
/panel/mod_counters.php
148:	$link2 = isset ($_POST['link2']) ? trim($_POST['link2']) : ''; 	Warning!
/panel/mod_counters.php
210:	$name = isset ($_POST['name']) ? mb_substr($_POST['name'], 0, 25) : ''; 	Warning!
/panel/mod_counters.php
211:	$link1 = isset ($_POST['link1']) ? $_POST['link1'] : ''; 	Warning!
/panel/mod_counters.php
212:	$link2 = isset ($_POST['link2']) ? $_POST['link2'] : ''; 	Warning!
/panel/mod_forum.php
209:	$name = isset ($_POST['name']) ? check($_POST['name']) : ''; 	Warning!
/panel/mod_forum.php
210:	$desc = isset ($_POST['desc']) ? check($_POST['desc']) : ''; 	Warning!
/panel/mod_forum.php
270:	$name = isset ($_POST['name']) ? check($_POST['name']) : ''; 	Warning!
/panel/mod_forum.php
271:	$desc = isset ($_POST['desc']) ? check($_POST['desc']) : ''; 	Warning!
/panel/mod_forum.php
595:	foreach ($_POST['moder'] as $v) { 	Warning!
/panel/sys_ipban.php
30:	$ip = isset($_POST['ip']) ? trim($_POST['ip']) : ''; 	Warning!
/panel/sys_ipban.php
202:	$ban_url = isset($_POST['url']) ? trim($_POST['url']) : ''; 	Warning!
/panel/sys_ipban.php
203:	$reason = isset($_POST['reason']) ? trim($_POST['reason']) : ''; 	Warning!
/panel/sys_ipban.php
247:	$ip = ip2long($_POST['ip']); 	Warning!
/panel/usr_list.php
20:	$sort = isset ($_GET['sort']) ? trim($_GET['sort']) : ''; 	Warning!
/panel/usr_search_ip.php
20:	$search = isset($_POST['search']) ? trim($_POST['search']) : ''; 	Warning!
/panel/usr_search_ip.php
21:	$search = $search ? $search : rawurldecode(trim($_GET['search'])); 	Warning!
/panel/usr_search_nick.php
22:	$search = isset ($_POST['search']) ? trim($_POST['search']) : ''; 	Warning!
/panel/usr_search_nick.php
23:	$search = $search ? $search : rawurldecode(trim($_GET['search'])); 	Warning!
/read.php
25:	$do = isset ($_GET['do']) ? $_GET['do'] : ''; 	Warning!
/registration.php
49:	$reg_kod = isset($_POST['kod']) ? trim($_POST['kod']) : ''; 	Warning!
/registration.php
50:	$reg_nick = isset($_POST['nick']) ? trim($_POST['nick']) : ''; 	Warning!
/registration.php
52:	$reg_pass = isset($_POST['password']) ? trim($_POST['password']) : ''; 	Warning!
/registration.php
53:	$reg_name = isset($_POST['imname']) ? trim($_POST['imname']) : ''; 	Warning!
/registration.php
54:	$reg_about = isset($_POST['about']) ? trim($_POST['about']) : ''; 	Warning!
/registration.php
55:	$reg_sex = isset($_POST['sex']) ? trim($_POST['sex']) : ''; 	Warning!
/str/brd.php
24:	$page = $_GET['page']; 	Warning!
/str/cont.php
25:	$act = $_GET['act']; 	Warning!
/str/cont.php
43:	$nik = check($_POST['nik']); 	Warning!
/str/cont.php
46:	$nik = check($_GET['nik']); 	Warning!
/str/guest.php
67:	$name = isset($_POST['name']) ? mb_substr(trim($_POST['name']), 0, 20) : ''; 	Warning!
/str/guest.php
68:	$msg = isset($_POST['msg']) ? mb_substr(trim($_POST['msg']), 0, 5000) : ''; 	Warning!
/str/guest.php
70:	$code = isset($_POST['code']) ? trim($_POST['code']) : ''; 	Warning!
/str/guest.php
137:	$otv = mb_substr($_POST['otv'], 0, 5000); 	Warning!
/str/guest.php
167:	$msg = mb_substr($_POST['msg'], 0, 500); 	Warning!
/str/ignor.php
26:	$act = $_GET['act']; 	Warning!
/str/ignor.php
41:	$nik = check($_POST['nik']); 	Warning!
/str/ignor.php
44:	$nik = check($_GET['nik']); 	Warning!
/str/karma.php
55:	$text = trim($_POST['text']); 	Warning!
/str/my_data.php
73:	$user['imname'] = isset($_POST['imname']) ? check(mb_substr($_POST['imname'], 0, 25)) : ''; 	Warning!
/str/my_data.php
74:	$user['live'] = isset($_POST['live']) ? check(mb_substr($_POST['live'], 0, 50)) : ''; 	Warning!
/str/my_data.php
78:	$user['about'] = isset($_POST['about']) ? check(mb_substr($_POST['about'], 0, 500)) : ''; 	Warning!
/str/my_data.php
79:	$user['mibile'] = isset($_POST['mibile']) ? check(mb_substr($_POST['mibile'], 0, 40)) : ''; 	Warning!
/str/my_data.php
80:	$user['mail'] = isset($_POST['mail']) ? check(mb_substr($_POST['mail'], 0, 40)) : ''; 	Warning!
/str/my_data.php
83:	$user['skype'] = isset($_POST['skype']) ? check(mb_substr($_POST['skype'], 0, 40)) : ''; 	Warning!
/str/my_data.php
84:	$user['jabber'] = isset($_POST['jabber']) ? check(mb_substr($_POST['jabber'], 0, 40)) : ''; 	Warning!
/str/my_data.php
85:	$user['www'] = isset($_POST['www']) ? check(mb_substr($_POST['www'], 0, 40)) : ''; 	Warning!
/str/my_data.php
87:	$user['name'] = isset($_POST['name']) ? check(mb_substr($_POST['name'], 0, 20)) : $user['name']; 	Warning!
/str/my_data.php
88:	$user['status'] = isset($_POST['status']) ? check(mb_substr($_POST['status'], 0, 50)) : ''; 	Warning!
/str/my_pass.php
56:	$oldpass = isset ($_POST['oldpass']) ? trim($_POST['oldpass']) : ''; 	Warning!
/str/my_pass.php
57:	$newpass = isset ($_POST['newpass']) ? trim($_POST['newpass']) : ''; 	Warning!
/str/my_pass.php
58:	$newconf = isset ($_POST['newconf']) ? trim($_POST['newconf']) : ''; 	Warning!
/str/my_set.php
111:	$mood_adm = isset ($_POST['mood_adm']) ? check(mb_substr(trim($_POST['mood_adm']), 0, 30)) : ''; 	Warning!
/str/my_set.php
192:	$set_user['skin'] = isset ($_POST['skin']) ? check(trim($_POST['skin'])) : 'default'; 	Warning!
/str/my_stat.php
37:	= isset ($_GET['do']) ? trim($_GET['do']) : ''; 	Warning!
/str/news.php
25:	= isset ($_GET['do']) ? $_GET['do'] : ''; 	Warning!
/str/news.php
51:	$name = check($_POST['name']); 	Warning!
/str/news.php
52:	$text = trim($_POST['text']); 	Warning!
/str/news.php
55:	$rz = $_POST['rz']; 	Warning!
/str/news.php
135:	$name = check($_POST['name']); 	Warning!
/str/pradd.php
23:	$msg = check(trim($_POST['msg'])); 	Warning!
/str/pradd.php
27:	$foruser = check(trim($_POST['foruser'])); 	Warning!
/str/pradd.php
28:	$tem = check(trim($_POST['tem'])); 	Warning!
/str/pradd.php
30:	$act = isset ($_GET['act']) ? $_GET['act'] : ''; 	Warning!
/str/pradd.php
74:	$array = explode('file=', $_POST['fail1']); 	Warning!
/str/pradd.php
299:	foreach ($_POST['delch'] as $v) { 	Warning!
/str/skl.php
35:	$nick = isset($_POST['nick']) ? rus_lat(mb_strtolower(check($_POST['nick']))) : ''; 	Warning!
/str/skl.php
36:	$email = isset($_POST['email']) ? htmlspecialchars(trim($_POST['email'])) : ''; 	Warning!
/str/skl.php
37:	$code = isset($_POST['code']) ? trim($_POST['code']) : ''; 	Warning!
/str/skl.php
79:	$code = isset($_GET['code']) ? trim($_GET['code']) : ''; 	Warning!
/str/smile.php
101:	$_SESSION['refsm'] = htmlspecialchars($_SERVER['HTTP_REFERER']); 	Warning!
/str/users_ban.php
65:	$reason = !empty($_POST['reason']) ? trim($_POST['reason']) : ''; 	Warning!
/str/users_search.php
26:	$search = isset ($_POST['search']) ? trim($_POST['search']) : ''; 	Warning!
/str/users_search.php
27:	$search = $search ? $search : rawurldecode(trim($_GET['search'])); 	Warning!
/incfiles/class_ipinit.php
39:	if (isset ($_SERVER['HTTP_X_FORWARDED_FOR']) && $this->ip_valid($_SERVER['HTTP_X_FORWARDED_FOR'])) { 	Notice!
/registration.php
33:	echo '<b>Логин:</b><br/><input type="text" name="nick" maxlength="15" value="' . check($_POST['nick']) . '" /><br />'; 	Notice!
/registration.php
38:	echo '<div class="menu"><p>Имя:<br/><input type="text" name="imname" maxlength="30" value="' . check($_POST['imname']) . '" /><br />'; 	Notice!
/registration.php
40:	echo '<p>О себе: <small>(макс. 500 символов)</small><br/><textarea rows="3" name="about">' . check($_POST['about']) . '</textarea></p></div>';
.
venom (20.12.2010/17:27)
Scanned John
result:
Отчет сканирования:
All - (196) Errors - (9) Warnings - (183) Notices - (4)
184 - files scanned
/download/makdir.php
51:echo "<form action='?act=makdir&amp;cat
You didn't specify the filtering functions. That's why it mostly complains about check
But this one surprised even me: $cat = $_GET['cat'];
.
Left for Ukraine
it complains about all GET variables
.
RiSeD (20.12.2010/16:51)
Cool service. A bit wrong, of course, but fine for a start..)
Well, it's still young, so there's nothing better for now
.
WE Team
Фuлuн (20.12.2010/17:55)
it complains about all GET variables
the unfiltered ones
.
Фuлuн (20.12.2010/17:55)
it complains about all GET variables
You're mistaken, not always; here, check this file, no errors even though it has GETs
Attached files:
.
WE Team
it complains when it goes to output and into the database
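An added example, not part of the thread and not the service's own code: a minimal source/sink line checker showing why the same report lines are flagged or pass depending on which filter functions are declared as trusted. The rule set (Error for unfiltered input in `echo`/`print`/`mysql_query`, Warning for unfiltered input elsewhere) is an assumption made for illustration; the service's real rules are not shown on this page.

```python
import re

# Request superglobals treated as untrusted input (the ones the report flags).
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER)\b")
# Sinks: a query call, or a statement that writes to the page.
SINK_CALLS = {"mysql_query"}
SINK_STATEMENT = re.compile(r"^\s*(?:echo|print)\b")

def enclosing_calls(line, pos):
    """Names of the calls whose parentheses are still open at offset pos."""
    stack, quote, i = [], None, 0
    while i < pos:
        ch = line[i]
        if quote:                      # inside a PHP string literal
            if ch == "\\":
                i += 1                 # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "(":
            stack.append(re.search(r"(\w*)\s*$", line[:i]).group(1))
        elif ch == ")" and stack:
            stack.pop()
        i += 1
    return stack

def classify(line, sanitizers=()):
    """'Error': unfiltered input in a sink; 'Warning': unfiltered input
    elsewhere; None: every input passes through a trusted filter."""
    trusted, tainted = set(sanitizers), False
    sink = bool(SINK_STATEMENT.match(line))
    for m in SOURCE.finditer(line):
        calls = enclosing_calls(line, m.start())
        if trusted.intersection(calls):
            continue                   # wrapped in a declared filter
        tainted = True
        sink = sink or bool(SINK_CALLS.intersection(calls))
    if not tainted:
        return None
    return "Error" if sink else "Warning"

# Lines copied from the report above (the first is cut off there as well).
REPORT_LINES = [
    r'''echo "<form action='?act=makdir&amp;cat=" . $_GET['cat'] .''',
    r'''mysql_query("UPDATE `cms_settings` SET `val`='" . check($_POST['skindef']) . "' WHERE `key` = 'skindef'");''',
    r'''$msg = check(trim($_POST['msg']));''',
    r'''$cat = $_GET['cat'];''',
    r'''$id = intval(check($_GET['id']));''',
]

def scan(sanitizers=()):
    return [classify(line, sanitizers) for line in REPORT_LINES]

if __name__ == "__main__":
    print("no filters declared:", scan())
    print("check/intval trusted:", scan({"check", "intval"}))
```

Declaring `check` as trusted only silences the finding; the checker does not verify that the function actually escapes for the SQL or HTML context it is used in.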