Asia Underworld Mafia Game

[DeanWhitehouse]

We are still fixing bugs and adding features, but we need people to test the site, there is a forum on there to post any bugs. One main exploit we are having a problem with is someone posting in a locked forum , without a post form, if someone here can do that can you show me how and how to stop it.

http://www.asia-underworld.com/

Thanks,

Blade

[Coreye]

Includes Directory:

http://www.asia-underworld.com/include/

 

Full Path Disclosure:

http://www.asia-underworld.com/include/connection.php

Fatal error: Undefined class name 'db' in /home/mosphait/public_html/include/connection.php on line 7

 

Full Path Disclosure:

http://www.asia-underworld.com/include/forms.php

Fatal error: Undefined class name 'db' in /home/mosphait/public_html/include/connection.php on line 7

 

Full Path Disclosure:

http://www.asia-underworld.com/gamethread.php?id=3&page=a

Warning: Cannot use a scalar value as an array in /home/mosphait/public_html/gamethread.php on line 64

 

You can lock threads you didn't create.

[DeanWhitehouse]

Ok, well i am going to be recoding and redesigning the forum's.

When i am i will post the code in the forum , for people to advise security on.

[darkfreaks]

User credentials are sent in clear text

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

 

Password type input with autocomplete

 

The impact of this vulnerability

Possible sensitive information disclosure

Attack details

No details are available.

 

 

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">