schme16 Posted July 4, 2008

I'm too worried about the design; that's not my part in the project. I just need a few people to test the features out to see if there are any vulnerabilities in it, as it's accounting software as well as the UI for customers...

http://hee.sg-php.com

Any suggestions are welcome. Thanks to everyone who helps!

~Shane.G
Coreye Posted July 4, 2008

Cross Site Scripting (XSS): http://hee.sg-php.com/index.php?content=browse&filters=*"><marquee><h1>Corey
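The `">` at the front of Coreye's payload is the tell: the `filters` value is being echoed back inside a quoted HTML attribute, and the quote closes it so the rest of the payload becomes markup. The example below is added here and is not code from the site or from the thread; it assumes the parameter is reflected into an `<input value="...">` (the real template is not visible) and shows the vulnerable rendering beside the hardened one, plus the check a tester would run on the response body.

```python
"""Reflected XSS via a query parameter: vulnerable vs. hardened rendering.

Added example, not the site's code. The template below is an assumption
(the post only shows that the payload renders); the parameter name
``filters`` and the attribute-breakout payload come from the thread.
"""
import html
from urllib.parse import parse_qs, urlsplit

# Constructed test input: Coreye's payload with a neutral marker instead of a name.
PAYLOAD = '*"><marquee><h1>pwned'


def filters_from_url(url: str) -> str:
    """Pull the ``filters`` parameter out of a request URL the way the app would."""
    return parse_qs(urlsplit(url).query).get("filters", [""])[0]


def render_vulnerable(filters: str) -> str:
    """Echo the raw parameter into an attribute value. The double quote in the
    payload closes value="..." and everything after it is parsed as HTML."""
    return f'<input type="text" name="filters" value="{filters}">'


def render_hardened(filters: str) -> str:
    """Same template, HTML-encoded for attribute context. quote=True matters:
    without it '"' would pass through and still close the attribute."""
    return f'<input type="text" name="filters" value="{html.escape(filters, quote=True)}">'


def reflected_unescaped(body: str, payload: str) -> bool:
    """Detection check over a response body: the payload counts as reflected
    only if it appears byte-for-byte. '&lt;marquee&gt;' is a safe reflection."""
    return payload in body


def breakout_tags(body: str) -> int:
    """Count tags in the response; the vulnerable page gains <marquee> and <h1>."""
    return body.count("<")


if __name__ == "__main__":
    url = "http://hee.sg-php.com/index.php?content=browse&filters=*%22%3E%3Cmarquee%3E%3Ch1%3Epwned"
    value = filters_from_url(url)
    print("vulnerable:", render_vulnerable(value))
    print("hardened:  ", render_hardened(value))
```

Running the check against the live page is the same `reflected_unescaped` test on the fetched body; the fix on the PHP side is the equivalent `htmlspecialchars($filters, ENT_QUOTES)` at the point of output, not a filter on input.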
lt40 Posted July 4, 2008

http://hee.sg-php.com/system/img/layout/other/logo.gif
http://hee.sg-php.com/system/
http://hee.sg-php.com/system/admin/

Try just filling all your directories with a blank index.html file; that's what I do.
magebash Posted July 5, 2008

When I select a movie to add to the cart, I cannot access the cart because there is no cart button.
LooieENG Posted July 5, 2008

Quote (lt40):
http://hee.sg-php.com/system/img/layout/other/logo.gif
http://hee.sg-php.com/system/
http://hee.sg-php.com/system/admin/
Try just filling all your directories with a blank index.html file; that's what I do.

.htaccess:
Options -Indexes
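What lt40 did in the post above, and what LooieENG's `Options -Indexes` closes off, is walk up from a known file URL (the logo) to each parent directory and see which ones Apache answers with an autoindex listing. The script below is an added example, not code from the thread or the site: it derives the parent directories from the logo URL, and runs the listing check over responses constructed inline (one directory listed, one with a blank index.html, one behind `Options -Indexes`), since it has to run offline.

```python
"""Directory-listing exposure check: walk up from a file URL and flag
parent directories that return an Apache autoindex page.

Added example; not from the thread or the site. The URLs are the ones lt40
posted; the responses are constructed to stand in for what a server would
return in each of the three states discussed in the thread.
"""
from urllib.parse import urlsplit, urlunsplit


def parent_directories(file_url: str) -> list:
    """/system/img/layout/other/logo.gif -> every enclosing directory URL,
    deepest first, the way a tester walks up by hand."""
    parts = urlsplit(file_url)
    segments = parts.path.strip("/").split("/")[:-1]   # drop the file name
    dirs = []
    while segments:
        path = "/" + "/".join(segments) + "/"
        dirs.append(urlunsplit((parts.scheme, parts.netloc, path, "", "")))
        segments.pop()
    return dirs


def is_directory_listing(status: int, body: str) -> bool:
    """Apache's autoindex output has an 'Index of /...' title and a
    'Parent Directory' link. A blank index.html has neither, and
    Options -Indexes turns the request into a 403."""
    return status == 200 and "<title>Index of /" in body and "Parent Directory" in body


def exposed_directories(file_url: str, responses: dict) -> list:
    """Return the parents of file_url whose (status, body) is a listing."""
    return [d for d in parent_directories(file_url)
            if d in responses and is_directory_listing(*responses[d])]


# Constructed responses (not captured from the site) for each directory state.
LISTING = ('<html><head><title>Index of {p}</title></head><body>'
           '<h1>Index of {p}</h1><a href="../">Parent Directory</a>'
           '<a href="logo.gif">logo.gif</a></body></html>')
SAMPLE_RESPONSES = {
    "http://hee.sg-php.com/system/img/layout/other/": (200, LISTING.format(p="/system/img/layout/other")),
    "http://hee.sg-php.com/system/img/layout/":       (200, LISTING.format(p="/system/img/layout")),
    "http://hee.sg-php.com/system/img/":              (403, "<title>403 Forbidden</title>"),  # Options -Indexes
    "http://hee.sg-php.com/system/":                  (200, ""),                               # blank index.html
}

if __name__ == "__main__":
    logo = "http://hee.sg-php.com/system/img/layout/other/logo.gif"
    for d in exposed_directories(logo, SAMPLE_RESPONSES):
        print("listing exposed:", d)
```

Both fixes stop the listing, but only `Options -Indexes` (or `Options -Indexes` in the vhost) does it for directories you forgot; the blank index.html approach has to be repeated in every directory, including ones created later by uploads or caches.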
darkfreaks Posted July 9, 2008

Vulnerability description
It seems that user credentials are sent to /index.php in clear text. This vulnerability affects /index.php (GET content=register).
The impact of this vulnerability
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Attack details
No details are available.
Request
GET /index.php?content=register HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: hee.sg-php.com
Cookie: splash=visited
Connection: Close
Pragma: no-cache
Referer: http://hee.sg-php.com/index.php
Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Response
HTTP/1.1 200 OK
Date: Wed, 09 Jul 2008 04:04:24 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
How to fix this vulnerability
Because user credentials are usually considered sensitive information, it is recommended that they be sent to the server over an encrypted connection.

Vulnerability description
This page was found as a link but is inaccessible. This vulnerability affects /index.php (GET content=movie&id=1).
The impact of this vulnerability
Problems navigating the site.
Attack details
No details are available.
How to fix this vulnerability
Remove the links to this file or make it available.

Vulnerability description
Password type input named pasField from form named loginForm1 with action GET content=login has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache. This vulnerability affects /index.php (GET content=login).
The impact of this vulnerability
Possible sensitive information disclosure
Attack details
No details are available.
Request
GET /index.php?content=login HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: hee.sg-php.com
Cookie: splash=visited
Connection: Close
Pragma: no-cache
Referer: http://hee.sg-php.com/index.php
Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Response
HTTP/1.1 200 OK
Date: Wed, 09 Jul 2008 04:04:02 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.6
Connection: close
Content-Type: text/html
How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">

Password type input with autocomplete enabled
Vulnerability description
Password type input named password from form named new_user_registration with action GET content=register has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache. This vulnerability affects /index.php (GET content=register).
The impact of this vulnerability
Possible sensitive information disclosure
Attack details
No details are available.
Request / Response
Same as the GET /index.php?content=register request and response above.
How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">

Password type input with autocomplete enabled
Vulnerability description
Password type input named confirm from form named new_user_registration with action GET content=register has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache. This vulnerability affects /index.php (GET content=register).
The impact of this vulnerability
Possible sensitive information disclosure
Attack details
No details are available.
Request / Response
Same as the GET /index.php?content=register request and response above.
How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">
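The scanner report above boils down to two checks on the login and registration forms: the password fields are submitted over plain HTTP, and they lack `autocomplete="off"`. The report also shows both forms using method GET, which puts the password into the URL (server access logs, browser history, and the Referer sent to the next page), a point the scanner does not call out. The following is an added example, not Acunetix's or the site's code: a small form auditor that reproduces those checks over a page constructed to match the form and field names in the report (`loginForm1`/`pasField`, `new_user_registration`/`password` and `confirm`); the page URL and the form markup are assumptions.

```python
"""Audit HTML forms for the findings in the scanner report: password fields
submitted over plain HTTP, via GET, or with autocomplete left enabled.

Added example, not scanner or site code. WEAK_PAGE is constructed to carry
the form and input names from the report; the markup itself is assumed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect each <form> with its resolved action, method, and the
    password-type inputs inside it."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}          # valueless attrs come back as None
        if tag == "form":
            self._form = {
                "name": a.get("name", "(unnamed)"),
                "method": a.get("method", "get").lower(),   # HTML default is GET
                "action": urljoin(self.page_url, a.get("action", "")),
                "passwords": [],
            }
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None and a.get("type", "").lower() == "password":
            self._form["passwords"].append((a.get("name", "(unnamed)"),
                                            a.get("autocomplete", "").lower()))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def audit_forms(page_url: str, html_body: str) -> list:
    """One finding string per problem, in document order; [] when clean."""
    parser = FormCollector(page_url)
    parser.feed(html_body)
    findings = []
    for f in parser.forms:
        if not f["passwords"]:
            continue                                  # only forms carrying a password matter
        scheme = urlsplit(f["action"]).scheme
        if scheme != "https":
            findings.append(f"{f['name']}: credentials sent over {scheme} in clear text")
        if f["method"] == "get":
            findings.append(f"{f['name']}: GET puts the password in the URL (logs, history, Referer)")
        for name, autocomplete in f["passwords"]:
            if autocomplete != "off":
                findings.append(f"{f['name']}/{name}: password autocomplete enabled")
    return findings


PAGE_URL = "http://hee.sg-php.com/index.php?content=login"

# Constructed to match the form/field names in the report; not the site's markup.
WEAK_PAGE = """
<form name="loginForm1" method="get" action="index.php?content=login">
  <input type="text" name="userField">
  <input type="password" name="pasField">
</form>
<form name="new_user_registration" method="get" action="index.php?content=register">
  <input type="password" name="password">
  <input type="password" name="confirm">
</form>
"""

# The same login form after the fix: HTTPS action, POST, autocomplete off.
FIXED_PAGE = """
<form name="loginForm1" method="post" action="https://hee.sg-php.com/index.php?content=login">
  <input type="text" name="userField">
  <input type="password" name="pasField" autocomplete="off">
</form>
"""

if __name__ == "__main__":
    for line in audit_forms(PAGE_URL, WEAK_PAGE):
        print(line)
```

Of the three checks, the transport one is the one that matters: current browsers mostly ignore `autocomplete="off"` on password fields, so the scanner's suggested fix no longer does what its report says, while a login form on plain HTTP hands the password to anyone on the path regardless of what the markup says.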