DeanWhitehouse, posted June 3, 2008

We are still fixing bugs and adding features, but we need people to test the site; there is a forum on there to post any bugs.

One main exploit we are having a problem with is someone posting in a locked forum, without a post form. If someone here can do that, can you show me how and how to stop it?

http://www.asia-underworld.com/

Thanks,
Blade

Coreye, posted June 3, 2008

Includes Directory: http://www.asia-underworld.com/include/

Full Path Disclosure: http://www.asia-underworld.com/include/connection.php
Fatal error: Undefined class name 'db' in /home/mosphait/public_html/include/connection.php on line 7

Full Path Disclosure: http://www.asia-underworld.com/include/forms.php
Fatal error: Undefined class name 'db' in /home/mosphait/public_html/include/connection.php on line 7

Full Path Disclosure: http://www.asia-underworld.com/gamethread.php?id=3&page=a
Warning: Cannot use a scalar value as an array in /home/mosphait/public_html/gamethread.php on line 64

You can lock threads you didn't create.

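Added example, not part of the thread and not the site's code: one way to enforce the two rules raised above (no replies to a locked thread, no locking a thread you do not own) in the request handler itself, so that hiding the post form is not what protects the thread. The schema, function names and sample rows are assumptions made for illustration.

```php
<?php
// Added example. Table, column and function names are hypothetical.
function thread(PDO $db, int $id): ?array
{
    $st = $db->prepare('SELECT id, author_id, locked FROM threads WHERE id = ?');
    $st->execute([$id]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// A locked thread takes replies from moderators only.
function can_reply(?array $t, array $user): bool
{
    return $t !== null && (!$t['locked'] || $user['is_mod']);
}

// Only the thread's author or a moderator may lock or unlock it.
function can_lock(?array $t, array $user): bool
{
    return $t !== null && ((int)$t['author_id'] === $user['id'] || $user['is_mod']);
}

// Runs on every reply request, whether or not the page showed a form.
function handle_reply(PDO $db, array $user, array $post): int
{
    $t = thread($db, (int)($post['thread_id'] ?? 0));
    if (!can_reply($t, $user)) {
        return 403;
    }
    $st = $db->prepare('INSERT INTO posts (thread_id, author_id, body) VALUES (?, ?, ?)');
    $st->execute([$t['id'], $user['id'], (string)($post['body'] ?? '')]);
    return 200;
}

// Constructed sample data: thread 1 is locked, thread 2 is open, both by user 10.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE threads (id INTEGER PRIMARY KEY, author_id INT, locked INT)');
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, thread_id INT, author_id INT, body TEXT)');
$db->exec('INSERT INTO threads VALUES (1, 10, 1), (2, 10, 0)');

$member = ['id' => 20, 'is_mod' => false];
var_dump(handle_reply($db, $member, ['thread_id' => '1', 'body' => 'hi'])); // locked thread
var_dump(handle_reply($db, $member, ['thread_id' => '2', 'body' => 'hi'])); // open thread
var_dump(can_lock(thread($db, 2), $member)); // thread owned by user 10
var_dump(can_lock(thread($db, 2), ['id' => 10, 'is_mod' => false]));
```

The user array is taken from the server-side session in a real handler, never from request parameters.
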
DeanWhitehouse (Author), posted June 3, 2008

OK, well, I am going to be recoding and redesigning the forums. When I am, I will post the code in the forum for people to advise security on.

darkfreaks, posted July 9, 2008

User credentials are sent in clear text

The impact of this vulnerability:
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

Password type input with autocomplete

The impact of this vulnerability:
Possible sensitive information disclosure

Attack details:
No details are available.

How to fix this vulnerability:
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">