Dox Web musicman

Target:http://mm.cubizone.com/splash/pre-register/?id=mmobt%27

By Kyfx

Vuln to many attacks but need to bypass walls and holes

Web might need to attack with a Dos DIOS attack or a botnet spoof attacking using Black Fake Mail using a ip address all dump with email and pw's!


Error
PHP Notice – yii\base\ErrorException

Undefined variable: sid
1. in /var/www/mmo/site/splash/pre-register/controllers/SiteController.php at line 103
949596979899100101102103104105106107108109110111112            foreach($regdetails as $data){
                $registerid = $data['registration_id'];
                $registername = $data['registration_name'];
                $registerdesc = $data['registration_desc'];
                $registercode = strtolower($data['registration_code']);
                $registerbg = $data['registration_bg'];
                $sid = $data['sid'];
            }

            if($sid == 1)
            {

                if( Yii::$app->request->isAjax && $model2->load($_POST) )
                {
                    Yii::$app->response->format = 'json';
                    return \yii\widgets\ActiveForm::validate($model2);
                }

                if( $model->load(Yii::$app->request->post()) && $model2->load(Yii::$app->request->post()) ){
2. in /var/www/mmo/site/splash/pre-register/controllers/SiteController.php – yii\base\ErrorHandler::handleError(8, 'Undefined variable: sid', '/var/www/mmo/site/splash/pre-reg...', 103, ...) at line 103
3. app\controllers\SiteController::actionIndex()
4. in /var/www/mmo/site/splash/pre-register/vendor/yiisoft/yii2/base/InlineAction.php – call_user_func_array([app\controllers\SiteController, 'actionIndex'], []) at line 55
495051525354555657        $args = $this->controller->bindActionParams($this, $params);
        Yii::trace('Running action: ' . get_class($this->controller) . '::' . $this->actionMethod . '()', __METHOD__);
        if (Yii::$app->requestedParams === null) {
            Yii::$app->requestedParams = $args;
        }

        return call_user_func_array([$this->controller, $this->actionMethod], $args);
    }
}
5. in /var/www/mmo/site/splash/pre-register/vendor/yiisoft/yii2/base/Controller.php – yii\base\InlineAction::runWithParams(['id' => 'mmobt'']) at line 151
145146147148149150151152153154155156157        }

        $result = null;

        if ($runAction && $this->beforeAction($action)) {
            // run the action
            $result = $action->runWithParams($params);

            $result = $this->afterAction($action, $result);

            // call afterAction on modules
            foreach ($modules as $module) {
                /* @var $module Module */
6. in /var/www/mmo/site/splash/pre-register/vendor/yiisoft/yii2/base/Module.php – yii\base\Controller::runAction('', ['id' => 'mmobt'']) at line 455
449450451452453454455456457458459460461        $parts = $this->createController($route);
        if (is_array($parts)) {
            /* @var $controller Controller */
            list($controller, $actionID) = $parts;
            $oldController = Yii::$app->controller;
            Yii::$app->controller = $controller;
            $result = $controller->runAction($actionID, $params);
            Yii::$app->controller = $oldController;

            return $result;
        } else {
            $id = $this->getUniqueId();
            throw new InvalidRouteException('Unable to resolve the request "' . ($id === '' ? $route : $id . '/' . $route) . '".');
7. in /var/www/mmo/site/splash/pre-register/vendor/yiisoft/yii2/web/Application.php – yii\base\Module::runAction('', ['id' => 'mmobt'']) at line 84
78798081828384858687888990            $params = $this->catchAll;
            unset($params[0]);
        }
        try {
            Yii::trace("Route requested: '$route'", __METHOD__);
            $this->requestedRoute = $route;
            $result = $this->runAction($route, $params);
            if ($result instanceof Response) {
                return $result;
            } else {
                $response = $this->getResponse();
                if ($result !== null) {
                    $response->data = $result;
8. in /var/www/mmo/site/splash/pre-register/vendor/yiisoft/yii2/base/Application.php – yii\web\Application::handleRequest(yii\web\Request) at line 375
369370371372373374375376377378379380381        try {

            $this->state = self::STATE_BEFORE_REQUEST;
            $this->trigger(self::EVENT_BEFORE_REQUEST);

            $this->state = self::STATE_HANDLING_REQUEST;
            $response = $this->handleRequest($this->getRequest());

            $this->state = self::STATE_AFTER_REQUEST;
            $this->trigger(self::EVENT_AFTER_REQUEST);

            $this->state = self::STATE_SENDING_RESPONSE;
            $response->send();
9. in /var/www/mmo/site/splash/pre-register/index.php – yii\base\Application::run() at line 12
6789101112
require(__DIR__ . '/vendor/autoload.php');
require(__DIR__ . '/vendor/yiisoft/yii2/Yii.php');

$config = require(__DIR__ . '/config/web.php');

(new yii\web\Application($config))->run();
 $_GET = [
    'id' => 'mmobt\'',
];

$_SERVER = [
    'HTTP_HOST' => 'mm.cubizone.com',
    'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'HTTP_ACCEPT_ENCODING' => 'gzip, deflate, sdch',
    'HTTP_ACCEPT_LANGUAGE' => 'en-US,en;q=0.8,th;q=0.6',
    'HTTP_COOKIE' => 'PHPSESSID=4l3hpj593okkr2grvjbti9jmm7; __unam=c1ad6b-14ea56b5f5d-4916bff0-2; _csrf=80ceb56ab074196723d0c41704f1b1d764ce5d406e66557e5649960c2a3a833ca%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22viA26svehGWIXPZwcWztYtC8x-IaHo3r%22%3B%7D; _ga=GA1.2.922357702.1435630558; _gat=1; e301ddb99d2aca8a885fd2c2636a1d62=vcojvoc5pjoa1qfojuv4t5l0f4',
    'HTTP_FORWARDED' => 'for=125.134.202.74',
    'HTTP_SCHEME' => 'http',
    'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
    'HTTP_VIA' => '1.1 Chrome-Compression-Proxy',
    'HTTP_X_FORWARDED_FOR' => '125.134.202.74',
    'HTTP_CONNECTION' => 'Keep-alive',
    'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.107 Safari/537.36',
    'PATH' => '/usr/local/bin:/usr/bin:/bin',
    'SERVER_SIGNATURE' => '
Apache/2.2.22 (Ubuntu) Server at mm.cubizone.com Port 80

',
    'SERVER_SOFTWARE' => 'Apache/2.2.22 (Ubuntu)',
    'SERVER_NAME' => 'mm.cubizone.com',
    'SERVER_ADDR' => '110.74.182.185',
    'SERVER_PORT' => '80',
    'REMOTE_ADDR' => '66.249.82.188',
    'DOCUMENT_ROOT' => '/var/www/mmo/site',
    'SERVER_ADMIN' => '[no address given]',
    'SCRIPT_FILENAME' => '/var/www/mmo/site/splash/pre-register/index.php',
    'REMOTE_PORT' => '38381',
    'GATEWAY_INTERFACE' => 'CGI/1.1',
    'SERVER_PROTOCOL' => 'HTTP/1.1',
    'REQUEST_METHOD' => 'GET',
    'QUERY_STRING' => 'id=mmobt%27',
    'REQUEST_URI' => '/splash/pre-register/?id=mmobt%27',
    'SCRIPT_NAME' => '/splash/pre-register/index.php',
    'PHP_SELF' => '/splash/pre-register/index.php',
    'REQUEST_TIME_FLOAT' => 1437833679.6359999,
    'REQUEST_TIME' => 1437833679,
];

$_COOKIE = [
    'PHPSESSID' => '4l3hpj593okkr2grvjbti9jmm7',
    '__unam' => 'c1ad6b-14ea56b5f5d-4916bff0-2',
    '_csrf' => '80ceb56ab074196723d0c41704f1b1d764ce5d406e66557e5649960c2a3a833ca:2:{i:0;s:5:"_csrf";i:1;s:32:"viA26svehGWIXPZwcWztYtC8x-IaHo3r";}',
    '_ga' => 'GA1.2.922357702.1435630558',
    '_gat' => '1',
    'e301ddb99d2aca8a885fd2c2636a1d62' => 'vcojvoc5pjoa1qfojuv4t5l0f4',
];
Yii Framework
2015-07-25, 14:14:40

Apache/2.2.22 (Ubuntu)
Yii Framework/2.0.4