Tutalicious - Tutorial Repository


This topic is locked
18 replies to this topic

#1 doddsey_65 (Advanced Member; Members; 904 posts; Location: North East UK; Age: 26)

Posted 08 February 2013 - 10:33 AM

Hi,

I am currently working on a new project called Tutalicious. This will be a huge tutorial repository with a broad range of categories ranging from things such as Web Development, 3D modelling to things like how to change a car headlight.

Users can submit their own tutorials via a youtube embed link, or can create their own text tutorials.
You can also rate tutorials and view user information.

The site is currently in its Beta stage and I would like you to test it and make sure there are no bugs however big or small. And if you have any crits about the layout then I am open to them too.

More features will be coming once the site is deemed stable enough to move on.

http://beta.tutalici.../php_freaks.txt
http://beta.tutalicious.com

Thanks.
Test and help out with a new
100% open source forum package: A Simple Forum
Check the A Simple forum Github Page
Visit my Github profile to see what I work on.

#2 SocialCloud (Advanced Member; Members; 613 posts)

Posted 11 February 2013 - 08:16 AM

You have an XSS vulnerability with your search.

In Firefox version 13.0.1 the Sign in with Facebook button is a bit above the login and register buttons.

I would rather not create an account, especially without any clear indication what my errors in registering are. Do you have a test account?

#3 doddsey_65

Posted 11 February 2013 - 08:48 AM

Hi,

The problems with the search are only when you type, all html is escaped properly on the actual pages.

As for the template, I have a new design in the works which I will be showcasing soon.

Thanks

#4 SocialCloud

Posted 11 February 2013 - 09:35 AM

Taking a more in-depth look, I seem to have stumbled upon a test account testing SQL injection :psychic:
Anyways, I broke the submit by disabling javascript.

When you use firebug (in my case) to change the option value of the selection when submitting, it gives you a different page as to what it would be normally. What I'm talking about is, instead of a textbox for the link, it shows a content textarea.
Edit: I guess it defaults to a text-type submit, but it will continue even if you select "Choose a type"

The text-type submit does not work at all, and will continue to provide an error to provide an iframe link. Also when the error is given, the layout gets messed up.

Also when submitted, you aren't checking the extension of the file uploaded, I just uploaded two (two tests) "evil.php" files (blank) to your server. Also you should check if there are any vulnerabilities created from the submitting I did on your end other than the uploading. You should also be checking the iframe content, you say it must be youtube or vimeo on the home page, but a google iframe passed validation

Edited by SocialCloud, 11 February 2013 - 09:50 AM.


#5 doddsey_65

Posted 11 February 2013 - 11:25 AM

Hi,

iframe validation is done when they enter the approval queue, that's why there is an approval queue :)

I just tried uploading php and a JS file as the thumbnail and those did not work. I am checking the extension of the uploaded file. Your uploads did not go through as there is no directory associated with you.
You also say you used SQL injection to gain access to a user account. You registered a username called " ' " (single quote). How is this SQL injection? I realise though I should add a min length to usernames :P

Also the manipulation of select elements isn't important to me. If a user decided to manipulate the HTML then it is their fault if it breaks their experience.
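The two gaps raised in posts #4 and #5 (an upload whose extension is not checked, and an embed link that passes validation although it is not YouTube or Vimeo) are both allow-list problems. Below is an added example of how a PHP site can close them; it is not Tutalicious code, and the function names, the accepted image types and the accepted video hosts are assumptions chosen for illustration.

```php
<?php
// Added example, not Tutalicious code. Function names, the allowed image
// types and the allowed video hosts below are assumptions for illustration.
declare(strict_types=1);

// Decide by the sniffed content type, never by $_FILES['name'] or ['type'].
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Exact host allow-list: a substring test would let "youtube.com.example"
// or an unrelated site such as google.com through.
const ALLOWED_VIDEO_HOSTS = [
    'youtube.com', 'www.youtube.com', 'youtu.be',
    'vimeo.com', 'player.vimeo.com',
];

/**
 * Validate an uploaded thumbnail. Returns the extension to store the file
 * under, or null if the upload must be rejected ("evil.php", .js, .html
 * and a blank file all end up as null).
 */
function validateThumbnail(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!is_string($mime) || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }
    // Second opinion: the bytes must parse as an image header.
    if (@getimagesize($file['tmp_name']) === false) {
        return null;
    }
    return ALLOWED_IMAGE_TYPES[$mime];
}

/**
 * Store a validated thumbnail under a server-generated name, so neither the
 * client's file name nor its extension ever reaches the filesystem.
 */
function storeThumbnail(array $file, string $dir): ?string
{
    $ext = validateThumbnail($file);
    if ($ext === null) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dir . '/' . $name) ? $name : null;
}

/**
 * Accept a bare URL or a pasted <iframe ...> snippet and return the URL it
 * points at, or null if none is found.
 */
function extractEmbedUrl(string $input): ?string
{
    $input = trim($input);
    if (preg_match('/<iframe\b[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']/i', $input, $m)) {
        return $m[1];
    }
    return $input !== '' ? $input : null;
}

/** True only for an http(s) URL whose host is exactly on the allow-list. */
function validateEmbedUrl(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    return in_array(strtolower($parts['host']), ALLOWED_VIDEO_HOSTS, true);
}

/**
 * Build the iframe on the server from the validated URL. The user's own
 * markup is never stored or echoed, only the URL they supplied.
 */
function renderEmbed(string $userInput): ?string
{
    $url = extractEmbedUrl($userInput);
    if ($url === null || !validateEmbedUrl($url)) {
        return null;
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<iframe src="' . $safe . '" allowfullscreen></iframe>';
}
```

Validating at submission time rather than only in the approval queue means a bad link or a non-image upload never lands on disk or in the database in the first place; the queue can then stay a content review, not a security control.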

#6 kicken (Wiser? Not exactly.; Gurus; 2,709 posts; Location: Bonita, FL)

Posted 11 February 2013 - 12:05 PM

You have an XSS problem with your tags, eg:
http://beta.tutalicious.com/app/ph%3Cimg%20src=%22.%22%20onerror=%22alert(hi');%22%3Ep.  Chrome saves you by detecting it and stripping it.  Other browsers may not.

You have an XSS problem with your signup form.  For example enter: "> <img src="." onerror="alert('Hi!');"><b id=" for the username and mis-matching passwords to cause an error.  The same issue is present if for the email field.

The same XSS problem exists with your login form as well.



Recycle your old CD's, don't trash them!
Did I help you out?  Feeling generous? I accept tips via Paypal or Bitcoin @ 14mDxaob8Jgdg52scDbvf3uaeR61tB2yC7

#7 doddsey_65

Posted 11 February 2013 - 12:30 PM

Thanks for the reply,

Errors such as that will only ever be visible to the user who does them, I will however fix the issue.

Thanks

#8 Jessica (This is not my name.; Gurus; 8,982 posts; Location: Dallas, TX; Age: 26)

Posted 11 February 2013 - 12:34 PM

You might want to read up on what XSS is.
My goal in replying to posts is to help you become a better programmer, including learning how to debug your own code and research problems. For that reason, rather than posting the solution, I reply with tips and hints on how to find the solution yourself. See below for useful links when you get stuck.

How to Get Good Help: How to Ask Questions | Don't be a help vampire
Debugging Your Code: Debugging your SQL | What does a php function do? | What does a term mean? | Don't see any errors?
Things You Should Do: Normalize Your Data | use print_r() or var_dump()
Lulz: "Functions should not have side effects." - trq

Please take a look at my new PHP/Web Dev blog: The Web Mason - Thanks!!

#9 kicken

Posted 11 February 2013 - 01:51 PM

Errors such as that will only ever be visible to the user who does them.


Wrong.  All someone has to do is craft a special URL then send it out to people.  Anyone who clicks that URL will then have that XSS problem. Someone can do quite a bit using XSS such as steal cookies, login information, personal details, etc.

http://bit.ly/XD0BVC <- click there for a sample (edit: in a browser that won't save you, such as firefox).

Edited by kicken, 11 February 2013 - 01:52 PM.

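Posts #6 and #9 describe the same class of bug, reflected XSS: the signup and login forms echo the submitted username or e-mail back into the error page without encoding it, so a crafted link makes the page render attacker markup for whoever opens it. Below is an added example of the failing pattern next to the fixed one, plus the minimum-length username rule mentioned in post #5. It is not Tutalicious code; the function names, the error message wording and the username policy are assumptions.

```php
<?php
// Added example, not Tutalicious code. Function names, the message text and
// the username policy are assumptions for illustration.
declare(strict_types=1);

/** Encode a string for HTML body or attribute context. Use it on every echo of user data. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * The failing pattern: the submitted username is concatenated raw into the
 * error markup, both inside a text node and inside a value="" attribute.
 */
function renderSignupErrorUnsafe(string $username): string
{
    return '<p class="error">Passwords do not match for "' . $username . '"</p>'
         . '<input type="text" name="username" value="' . $username . '">';
}

/** The fix: the same template with every interpolation passed through e(). */
function renderSignupErrorSafe(string $username): string
{
    return '<p class="error">Passwords do not match for "' . e($username) . '"</p>'
         . '<input type="text" name="username" value="' . e($username) . '">';
}

/**
 * Input validation as defence in depth (it does not replace output encoding).
 * Assumed policy: 3 to 20 characters, letters, digits and underscore only.
 * A lone quote, the account mentioned in post #5, fails on both counts.
 */
function validateUsername(string $u): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_]{3,20}$/', $u);
}

// Constructed input of the shape reported in post #6: it closes the value=""
// attribute and opens a new element. The unsafe template hands the browser a
// live element; the safe one renders the characters as visible text.
$probe = '"> <img src="." onerror="alert(1)"><b id="';

echo renderSignupErrorUnsafe($probe), PHP_EOL;
echo renderSignupErrorSafe($probe), PHP_EOL;
var_dump(validateUsername($probe));   // bool(false)
var_dump(validateUsername("'"));      // bool(false)
var_dump(validateUsername('dodds_65')); // bool(true)
```

Note that this works for the tags URL in post #6 as well: whatever appears in the path is user data once it is printed back into the page, so it goes through e() like a form field. Chrome's filter masking the bug on one browser is why the report was reproduced in Firefox; the server-side encoding is what fixes it everywhere.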

#10 SocialCloud

Posted 12 February 2013 - 08:21 AM

You also say you used SQL injection to gain access to a user account.

Testing sql injection...and if I registered it then your registration doesn't work properly as it always showed an error.

Back on topic, another XSS vulnerability on the profile page with their website

Edited by SocialCloud, 12 February 2013 - 08:22 AM.


#11 doddsey_65

Posted 14 February 2013 - 11:00 AM

Ok, thanks for the advice and bug testing.

I have removed all bugs mentioned and uploaded the new site design too.

If you find any more bugs please let me know.

Thanks

#12 kicken

Posted 14 February 2013 - 11:19 AM

I have removed all bugs mentioned and uploaded the new site design too.


Your XSS vulnerability is still there.


#13 doddsey_65

Posted 14 February 2013 - 01:46 PM

Can you be more specific? Which page?

#14 kicken

Posted 14 February 2013 - 03:06 PM

The one I linked to up above:

http://bit.ly/XD0BVC <- click there for a sample (edit: in a browser that won't save you, such as firefox).



#15 doddsey_65

Posted 14 February 2013 - 03:34 PM

Thanks, the error has been taken care of

#16 kicken

Posted 14 February 2013 - 04:15 PM

Same problem exists with your tags still:
http://bit.ly/WrGb2C


#17 doddsey_65

Posted 16 February 2013 - 02:10 PM

Thanks Kicken, that error has been taken care of.

#18 SocialCloud

Posted 19 February 2013 - 09:17 AM

There is a broken link for the current avatar in settings. At least once you first register.

#19 teynon (Advanced Member; Members; 895 posts)

Posted 03 March 2013 - 01:08 PM

Just to add some additional importance to the XSS vulnerabilities other users were discussing, visit: http://cwe.mitre.org...dex.html#CWE-79


Support my Kickstarter Project!
http://www.kickstart...7618755/antroid

http://www.thomaseynon.com

Vulnerabilities: http://cwe.mitre.org...x.html#Guidance - MySQL.com hacked with SQL Injection - If it happened to them, it can happen to you.
