Bgmf Posted June 1, 2008

Hello all experts,

This forum is very interesting and knowledgeable. If you all can test this site of mine for any vulnerabilities, I would be thankful to all PHPFreaks.

www.bgmafia.com

It's an online MMORPG game. Please check my site and report to me. And it's a request: if you find any hole in it, please post here if you find a hole/vulnerability.

http://underground.bgmafia.com/

Thanks,
Regards,
Mafia Admin

blufish Posted June 3, 2008

this site doesn't look very appropriate...

stuffradio Posted June 3, 2008

> this site doesn't look very appropriate...

Ok... Bgmf did you purchase this script? If not, I'm sure it's not a legal script

darkfreaks Posted July 6, 2008

XSS Vunerability: The GET variable lid has been set to >'><ScRiPt%20%0a%0d>alert(396679925249)%3B</ScRiPt>
XSS Vunerability: The GET variable lid has been set to '+style='background:url(JaVaScRiPt:alert(398079930983))'+invalidparam='.
XSS Vunerability: The GET variable lid has been set to '+style='background:url(JaVaScRiPt:alert(398179931208))'+invalidparam='.
XSS Vunerability: The GET variable lid has been set to '+style='background:url(JaVaScRiPt:alert(398479931607))'+invalidparam='.
XSS Vunerability: The GET variable _lng has been set to >'><ScRiPt%20%0a%0d>alert(397079925475)%3B</ScRiPt>.
XSS Vunerability: The GET variable _lng has been set to '+style='background:url(JaVaScRiPt:alert(398379931389))'+invalidparam='.
XSS Vunerability: The GET variable _lng has been set to '+style='background:url(JaVaScRiPt:alert(398679931781))'+invalidparam='.

darkfreaks Posted July 9, 2008

Vulnerability description
Password type input named f[pwd] from form named auth-register with action ?q=auth/register&lid=0 has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.
This vulnerability affects / (GET q=auth/register; POST z=gIlH&s=Register).

The impact of this vulnerability
Possible sensitive information disclosure

Attack details
No details are available.

Request
POST //?q=auth/register HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.bgmafia.com
Content-Length: 17
Cookie: session=62b97ae149d293d7c509a598b9e8d028;machine_id=317293029
Connection: Close
Pragma: no-cache
Referer: http://www.bgmafia.com/
Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

Response
HTTP/1.0 200 OK
X-Powered-By: PHP/5.2.3
Content-type: text/html; charset: utf-8;;charset=UTF-8
Set-Cookie: session=62b97ae149d293d7c509a598b9e8d028; expires=Wed, 09-Jul-2008 04:15:46 GMT; path=/; domain=.bgmafia.com
Connection: close
Date: Wed, 09 Jul 2008 03:45:46 GMT
Server: lighttpdx

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">


Password type input with autocomplete enabled

Vulnerability description
Password type input named f[pwd] from form named auth-register with action ?q=auth/register&lid=4 has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.
This vulnerability affects / (GET q=auth/register&lid=4&z=gIlH).

The impact of this vulnerability
Possible sensitive information disclosure

Attack details
No details are available.

Request
GET //?q=auth/register&lid=4&z=gIlH HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.bgmafia.com
Cookie: session=62b97ae149d293d7c509a598b9e8d028;machine_id=317293029
Connection: Close
Pragma: no-cache
Referer: http://www.bgmafia.com/
Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

Response
HTTP/1.0 200 OK
X-Powered-By: PHP/5.2.3
Content-type: text/html; charset: utf-8;;charset=UTF-8
Set-Cookie: session=62b97ae149d293d7c509a598b9e8d028; expires=Wed, 09-Jul-2008 04:15:46 GMT; path=/; domain=.bgmafia.com
Connection: close
Date: Wed, 09 Jul 2008 03:45:46 GMT
Server: lighttpdx

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">


Password type input with autocomplete enabled

Vulnerability description
Password type input named f[pwd] from form named auth-register with action ?q=auth/register&lid=0 has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.
This vulnerability affects / (GET q=auth/register&z=gIlH).

The impact of this vulnerability
Possible sensitive information disclosure

Attack details
No details are available.

Request
GET //?q=auth/register&z=gIlH HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: www.bgmafia.com
Cookie: session=62b97ae149d293d7c509a598b9e8d028;machine_id=317293029
Connection: Close
Pragma: no-cache
Referer: http://www.bgmafia.com/
Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

Response
HTTP/1.0 200 OK
X-Powered-By: PHP/5.2.3
Content-type: text/html; charset: utf-8;;charset=UTF-8
Set-Cookie: session=62b97ae149d293d7c509a598b9e8d028; expires=Wed, 09-Jul-2008 04:15:46 GMT; path=/; domain=.bgmafia.com
Connection: close
Date: Wed, 09 Jul 2008 03:45:47 GMT
Server: lighttpdx

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">