Bgmf Posted June 1, 2008

Hello all experts,

This forum is very interesting and knowledgeable. If you all can test this site of mine for any vuln., I would be thankful to all PHPFreaks.

www.bgmafia.com

It's an online MMORPG game. Please check my site and report to me. And it's a request: if you find any hole in it, please post here if you find a hole/vuln.

http://underground.bgmafia.com/

Thanks
Regards
Mafia Admin

blufish Posted June 3, 2008

this site doesn't look very appropriate...

stuffradio Posted June 3, 2008

> this site doesn't look very appropriate...

Ok... Bgmf, did you purchase this script? If not, I'm sure it's not a legal script.

darkfreaks Posted July 6, 2008

XSS Vulnerability: The GET variable lid has been set to >'><ScRiPt%20%0a%0d>alert(396679925249)%3B</ScRiPt>
XSS Vulnerability: The GET variable lid has been set to '+style='background:url(JaVaScRiPt:alert(398079930983))'+invalidparam='.
XSS Vulnerability: The GET variable lid has been set to '+style='background:url(JaVaScRiPt:alert(398179931208))'+invalidparam='.
XSS Vulnerability: The GET variable lid has been set to '+style='background:url(JaVaScRiPt:alert(398479931607))'+invalidparam='.
XSS Vulnerability: The GET variable _lng has been set to >'><ScRiPt%20%0a%0d>alert(397079925475)%3B</ScRiPt>.
XSS Vulnerability: The GET variable _lng has been set to '+style='background:url(JaVaScRiPt:alert(398379931389))'+invalidparam='.
XSS Vulnerability: The GET variable _lng has been set to '+style='background:url(JaVaScRiPt:alert(398679931781))'+invalidparam='.

darkfreaks Posted July 9, 2008

Vulnerability description

Password type input named f[pwd] from form named auth-register with action ?q=auth/register&lid=0 has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects / (GET q=auth/register; POST z=gIlH&s=Register).

The impact of this vulnerability

Possible sensitive information disclosure

Attack details

No details are available.

Request

    POST //?q=auth/register HTTP/1.0
    Accept: */*
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
    Host: www.bgmafia.com
    Content-Length: 17
    Cookie: session=62b97ae149d293d7c509a598b9e8d028;machine_id=317293029
    Connection: Close
    Pragma: no-cache
    Referer: http://www.bgmafia.com/
    Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)
    Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
    Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

Response

    HTTP/1.0 200 OK
    X-Powered-By: PHP/5.2.3
    Content-type: text/html; charset: utf-8;;charset=UTF-8
    Set-Cookie: session=62b97ae149d293d7c509a598b9e8d028; expires=Wed, 09-Jul-2008 04:15:46 GMT; path=/; domain=.bgmafia.com
    Connection: close
    Date: Wed, 09 Jul 2008 03:45:46 GMT
    Server: lighttpdx

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:

    <INPUT TYPE="password" AUTOCOMPLETE="off">

Password type input with autocomplete enabled

Vulnerability description

Password type input named f[pwd] from form named auth-register with action ?q=auth/register&lid=4 has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects / (GET q=auth/register&lid=4&z=gIlH).

The impact of this vulnerability

Possible sensitive information disclosure

Attack details

No details are available.

Request

    GET //?q=auth/register&lid=4&z=gIlH HTTP/1.0
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
    Host: www.bgmafia.com
    Cookie: session=62b97ae149d293d7c509a598b9e8d028;machine_id=317293029
    Connection: Close
    Pragma: no-cache
    Referer: http://www.bgmafia.com/
    Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)
    Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
    Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

Response

    HTTP/1.0 200 OK
    X-Powered-By: PHP/5.2.3
    Content-type: text/html; charset: utf-8;;charset=UTF-8
    Set-Cookie: session=62b97ae149d293d7c509a598b9e8d028; expires=Wed, 09-Jul-2008 04:15:46 GMT; path=/; domain=.bgmafia.com
    Connection: close
    Date: Wed, 09 Jul 2008 03:45:46 GMT
    Server: lighttpdx

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:

    <INPUT TYPE="password" AUTOCOMPLETE="off">

Password type input with autocomplete enabled

Vulnerability description

Password type input named f[pwd] from form named auth-register with action ?q=auth/register&lid=0 has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects / (GET q=auth/register&z=gIlH).

The impact of this vulnerability

Possible sensitive information disclosure

Attack details

No details are available.

Request

    GET //?q=auth/register&z=gIlH HTTP/1.0
    Accept: */*
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
    Host: www.bgmafia.com
    Cookie: session=62b97ae149d293d7c509a598b9e8d028;machine_id=317293029
    Connection: Close
    Pragma: no-cache
    Referer: http://www.bgmafia.com/
    Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)
    Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
    Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

Response

    HTTP/1.0 200 OK
    X-Powered-By: PHP/5.2.3
    Content-type: text/html; charset: utf-8;;charset=UTF-8
    Set-Cookie: session=62b97ae149d293d7c509a598b9e8d028; expires=Wed, 09-Jul-2008 04:15:46 GMT; path=/; domain=.bgmafia.com
    Connection: close
    Date: Wed, 09 Jul 2008 03:45:47 GMT
    Server: lighttpdx

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:

    <INPUT TYPE="password" AUTOCOMPLETE="off">