Jump to content

Recommended Posts

We are still fixing bugs and adding features, but we need people to test the site, there is a forum on there to post any bugs. One main exploit we are having a problem with is someone posting in a locked forum , without a post form, if someone here can do that can you show me how and how to stop it.

http://www.asia-underworld.com/

Thanks,

Blade

Link to comment
https://forums.phpfreaks.com/topic/108568-asia-underworld-mafia-game/
Share on other sites

Includes Directory:

http://www.asia-underworld.com/include/

 

Full Path Disclosure:

http://www.asia-underworld.com/include/connection.php

Fatal error: Undefined class name 'db' in /home/mosphait/public_html/include/connection.php on line 7

 

Full Path Disclosure:

http://www.asia-underworld.com/include/forms.php

Fatal error: Undefined class name 'db' in /home/mosphait/public_html/include/connection.php on line 7

 

Full Path Disclosure:

http://www.asia-underworld.com/gamethread.php?id=3&page=a

Warning: Cannot use a scalar value as an array in /home/mosphait/public_html/gamethread.php on line 64

 

You can lock threads you didn't create.

  • 1 month later...

User credentials are sent in clear text

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

 

Password type input with autocomplete

 

The impact of this vulnerability

Possible sensitive information disclosure

Attack details

No details are available.

 

 

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.