
Hi guys, can you please try to get into our site, www.webspirited.com? Please, no destructive stuff; funny is OK, like changing the title etc., but please don't delete databases etc. if you do get in.

 

So see what you can find, cheers.

 

Please email me at hailwood@webspirited.com; don't post here, if possible.

https://forums.phpfreaks.com/topic/111947-solved-hack-me-non-destructive-please/

Force is right.

 

Here are a few pointers: Not enough color, especially for a "web design" company.

 

Add some color. In your case all this black is very boring, on top of that you have white fonts. Change it up, add some color, make it pop.

 

Also "I" would use a cool logo for my site name, not text at the very top that says "WEB SPIRITEDPROFESSIONAL WEBSITE DESIGN"

 

It's all about impressing your clients.

  • 2 weeks later...

Vulnerability description

HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

Attack details

No details are available.

 

View HTTP headers

Request

TRACE /TRACE_test HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.webspirited.com

Connection: Close

Pragma: no-cache

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

Response

HTTP/1.0 200 OK

Date: Wed, 09 Jul 2008 15:39:29 GMT

Server: Apache/2.2.8 (Unix) mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6 mod_perl/2.0.4 Perl/v5.8.8

Content-Type: message/http

X-Cache: MISS from pxy1

X-Cache-Lookup: NONE from pxy1:80

Via: 1.1 pxy1:80 (squid/2.7.STABLE2)

Connection: close

How to fix this vulnerability

Disable TRACE Method on the web server.

 

 

 

Vulnerability description

A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for known sensitive directories like: backup directories, database dumps, administration pages, temporary directories. Each of those directories may help an attacker to learn more about his target.

This vulnerability affects /webmail.

The impact of this vulnerability

This directory may expose sensitive information that may help a malicious user to prepare more advanced attacks.

Attack details

No details are available.

 

View HTTP headers

Request

GET /webmail HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.webspirited.com

Connection: Close

Pragma: no-cache

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

Response

HTTP/1.0 301 Moved Permanently

Date: Wed, 09 Jul 2008 15:43:23 GMT

Server: Apache/2.2.8 (Unix) mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6 mod_perl/2.0.4 Perl/v5.8.8

Location: http://www.webspirited.com:2095

Content-Length: 0

Content-Type: application/cgi

X-Cache: MISS from pxy1

X-Cache-Lookup: MISS from pxy1:80

Via: 1.1 pxy1:80 (squid/2.7.STABLE2)

Connection: close

How to fix this vulnerability

Restrict access to this directory or remove it from the website.

 

Web references

Security Focus : Ten Steps to a Cleaner Web Root

Possible sensitive directories

Vulnerability description

A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for known sensitive directories like: backup directories, database dumps, administration pages, temporary directories. Each of those directories may help an attacker to learn more about his target.

This vulnerability affects /blog.

The impact of this vulnerability

This directory may expose sensitive information that may help a malicious user to prepare more advanced attacks.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /blog HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.webspirited.com

Connection: Close

Pragma: no-cache

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

Response

HTTP/1.0 301 Moved Permanently

Date: Wed, 09 Jul 2008 15:43:39 GMT

Server: Apache/2.2.8 (Unix) mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6 mod_perl/2.0.4 Perl/v5.8.8

Location: http://www.webspirited.com/blog/

Content-Length: 240

Content-Type: text/html; charset=iso-8859-1

X-Cache: MISS from pxy1

X-Cache-Lookup: MISS from pxy1:80

Via: 1.1 pxy1:80 (squid/2.7.STABLE2)

Connection: close

How to fix this vulnerability

Restrict access to this directory or remove it from the website.

 

 
