
This is the home page. Its primary purpose is to provide a starting page for the user and provide instructions. There are no known vulnerabilities on the home.php page.

The index page has several global vulnerabilities.
SSLStrip can be used to downgrade the connection when the Enforce SSL button is selected.

Output fields such as the logged-in username, signature, and the footer are vulnerable to cross-site scripting.

The hints cookie and other cookies can be tampered with to log in as another user and gain admin access.

Cookies are missing the HttpOnly attribute and may be accessed via cross-site scripting.

Check HTML comments for database credentials.

The "page" input parameter is vulnerable to insecure direct object reference. Fuzzing the parameter with administrative page names or system file paths is likely to yield results.

Directory Browsing: The entire site is vulnerable to directory browsing. Looking at the robots.txt file can provide hints of interesting directories.

The UID cookie is used in an SQL query, allowing SQL injection via a cookie value.

Local File Inclusion: This page is vulnerable to local file inclusion if the user account under which PHP is running has access to files besides the intended web site files.

Remote File Inclusion: This page is vulnerable to remote file inclusion if the PHP server configuration parameters "allow_url_fopen" and "allow_url_include" are set to "On" in php.ini.
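A hardened way to handle the "page" parameter, shown as an added example that is not code from the application itself: the value is matched against a fixed allowlist and the resolved file must stay inside the pages directory, which closes the direct object reference and both inclusion issues described above. The function name, the directory layout and every page name other than home.php are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: allowlist resolver for the "page" parameter.
// Only home.php is named on the page; the other entries are hypothetical.
const ALLOWED_PAGES = ['home.php', 'login.php', 'user-info.php'];

/**
 * Return the absolute path to include for a requested page, or null
 * when the request must be rejected.
 */
function resolve_page(string $requested, string $pagesDir): ?string
{
    // Exact match against a fixed list: rejects URLs (remote inclusion),
    // traversal sequences, absolute paths and unlisted admin pages alike.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        return null;
    }
    // Defence in depth: the resolved file must exist and still live inside
    // $pagesDir (catches a symlink planted under an allowed name).
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary pages directory holding one allowed file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home";');

// Constructed sample values for the "page" parameter.
$samples = ['home.php', '../../etc/passwd', '/etc/passwd',
            'http://example.invalid/x.txt', 'phpinfo.php', 'login.php'];
foreach ($samples as $value) {
    $resolved = resolve_page($value, $dir);
    printf("%-30s %s\n", $value, $resolved === null ? 'rejected' : 'include ' . $resolved);
}

unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```

Only home.php resolves in the demo; login.php is on the allowlist but is rejected because the file does not exist in the constructed directory.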