Jump to content

Text based game (If hacked non destructive please)


ababmxking

Recommended Posts

Me and my friend are building a text based drag racing game. We are still building it but I would like some beta testing on the stuff we have up now. We had some problems with hacking (hacking users but not the cpanel.) but i think we got that worked out. Theres already quite a bit of features that are up right now but theres still 15 or so more that are going to be added. We are also working on a paypal donation. Once you pay you get credits to get extra stuff. That should be up within a couple days.

 

If you don't understand the game please say so and i will explain it, since we dont have any kind of instructions on how to play the game since its still in beta mode we dont want to have to keep going back and changing it.

 

Thanks,

Carl

Link to comment
Share on other sites

all of my variables or just the ones that have to deal with $_POST or $_GET?

I use strip_tags and mysql_real_escape_string on the $_POST for the login, i need to do the same for register. On all the others i have atleast strip_tags

Link to comment
Share on other sites

aww ill have to search up on some then.

 

But my register had strip_tags and mysql_real_escape_string in it, so it would still let you register but you probally wouldnt know your username if you didnt know php very well. and i added trim to it as well.

Link to comment
Share on other sites

Full Path Disclosure:

http://www.racing-generation.com/other/rankbar.php

Warning: main(other/db_connect.php) [function.main]: failed to open stream: No such file or directory in /home/racingg/public_html/other/rankbar.php on line 3

 

Warning: main(other/db_connect.php) [function.main]: failed to open stream: No such file or directory in /home/racingg/public_html/other/rankbar.php on line 3

 

Warning: main() [function.include]: Failed opening 'other/db_connect.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/racingg/public_html/other/rankbar.php on line 3

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/rankbar.php on line 6

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/rankbar.php on line 6

 

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/racingg/public_html/other/rankbar.php on line 7

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/rankbar.php on line 9

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/rankbar.php on line 9

 

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/racingg/public_html/other/rankbar.php on line 10

 

Fatal error: Call to undefined function: makecomma() in /home/racingg/public_html/other/rankbar.php on line 18

 

Full Path Disclosure:

http://www.racing-generation.com/other/require.php

Warning: main(other/db_connect.php) [function.main]: failed to open stream: No such file or directory in /home/racingg/public_html/other/require.php on line 3

 

Warning: main(other/db_connect.php) [function.main]: failed to open stream: No such file or directory in /home/racingg/public_html/other/require.php on line 3

 

Warning: main() [function.include]: Failed opening 'other/db_connect.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/racingg/public_html/other/require.php on line 3

 

Warning: main(other/logincheck.php) [function.main]: failed to open stream: No such file or directory in /home/racingg/public_html/other/require.php on line 4

 

Warning: main(other/logincheck.php) [function.main]: failed to open stream: No such file or directory in /home/racingg/public_html/other/require.php on line 4

 

Warning: main() [function.include]: Failed opening 'other/logincheck.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/racingg/public_html/other/require.php on line 4

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require.php on line 12

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require.php on line 12

 

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/racingg/public_html/other/require.php on line 13

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require.php on line 16

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require.php on line 16

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require.php on line 17

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require.php on line 17

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require.php on line 37

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require.php on line 37

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/racingg/public_html/other/require.php on line 38

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require.php on line 41

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require.php on line 41

 

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/racingg/public_html/other/require.php on line 42

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require.php on line 95

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require.php on line 95

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require.php on line 110

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require.php on line 110

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/racingg/public_html/other/require.php on line 111

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require.php on line 218

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require.php on line 218

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require.php on line 267

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require.php on line 267

 

Full Path Disclosure:

http://www.racing-generation.com/other/require1.php

Warning: main(other/db_connect.php) [function.main]: failed to open stream: No such file or directory in /home/racingg/public_html/other/require1.php on line 3

 

Warning: main(other/db_connect.php) [function.main]: failed to open stream: No such file or directory in /home/racingg/public_html/other/require1.php on line 3

 

Warning: main() [function.include]: Failed opening 'other/db_connect.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/racingg/public_html/other/require1.php on line 3

 

Warning: main(other/logincheck.php) [function.main]: failed to open stream: No such file or directory in /home/racingg/public_html/other/require1.php on line 4

 

Warning: main(other/logincheck.php) [function.main]: failed to open stream: No such file or directory in /home/racingg/public_html/other/require1.php on line 4

 

Warning: main() [function.include]: Failed opening 'other/logincheck.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/racingg/public_html/other/require1.php on line 4

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require1.php on line 14

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require1.php on line 14

 

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/racingg/public_html/other/require1.php on line 15

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require1.php on line 18

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require1.php on line 18

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require1.php on line 19

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require1.php on line 19

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require1.php on line 34

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require1.php on line 34

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/racingg/public_html/other/require1.php on line 35

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require1.php on line 38

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require1.php on line 38

 

Warning: mysql_fetch_object(): supplied argument is not a valid MySQL result resource in /home/racingg/public_html/other/require1.php on line 39

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require1.php on line 90

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require1.php on line 90

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require1.php on line 105

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require1.php on line 105

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/racingg/public_html/other/require1.php on line 106

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require1.php on line 213

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require1.php on line 213

 

Warning: mysql_query() [function.mysql-query]: Access denied for user 'nobody'@'localhost' (using password: NO) in /home/racingg/public_html/other/require1.php on line 262

 

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/racingg/public_html/other/require1.php on line 262

Link to comment
Share on other sites

Vulnerability description

Password type input named vpass from unnamed form with action newreg.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects /newreg.php (POST user=&pass=&vpass=&email=&vmail=&referral_id=&submit=Register).

The impact of this vulnerability

Possible sensitive information disclosure

 

Attack details

No details are available.

 

View HTTP headers

Request

POST /newreg.php HTTP/1.0

Accept: */*

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Content-Length: 61

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/newreg.php

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 200 OK

Date: Wed, 09 Jul 2008 03:31:16 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

X-Powered-By: PHP/4.4.7

Connection: close

Content-Type: text/html View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

 

 

Vulnerability description

Password type input named pass from unnamed form with action index.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects /index.php.

The impact of this vulnerability

Possible sensitive information disclosure

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /index.php HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/newreg.php

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 200 OK

Date: Wed, 09 Jul 2008 03:31:16 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

X-Powered-By: PHP/4.4.7

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Connection: close

Content-Type: text/html View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

Vulnerability description

Password type input named pass from unnamed form with action newreg.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects /newreg.php.

The impact of this vulnerability

Possible sensitive information disclosure

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /newreg.php HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 200 OK

Date: Wed, 09 Jul 2008 03:31:15 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

X-Powered-By: PHP/4.4.7

Connection: close

Content-Type: text/html View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

Password type input with autocomplete enabled

Vulnerability description

Password type input named vpass from unnamed form with action newreg.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects /newreg.php.

The impact of this vulnerability

Possible sensitive information disclosure

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /newreg.php HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 200 OK

Date: Wed, 09 Jul 2008 03:31:15 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

X-Powered-By: PHP/4.4.7

Connection: close

Content-Type: text/html View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

Vulnerability description

Password type input named pass from unnamed form with action POST username=&pass=&submit=Submit has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects / (POST username=&pass=&submit=Submit).

The impact of this vulnerability

Possible sensitive information disclosure

 

Attack details

No details are available.

 

View HTTP headers

Request

POST // HTTP/1.0

Accept: */*

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Content-Length: 29

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 200 OK

Date: Wed, 09 Jul 2008 03:31:15 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

X-Powered-By: PHP/4.4.7

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Connection: close

Content-Type: text/html View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

 

Vulnerability description

It seemes that user credentials are sent to / in clear text.

This vulnerability affects /.

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET / HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Connection: Close

Pragma: no-cache

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 200 OK

Date: Wed, 09 Jul 2008 03:31:14 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

X-Powered-By: PHP/4.4.7

Set-Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Connection: close

Content-Type: text/html View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

 

User credentials are sent in clear text

Vulnerability description

It seemes that user credentials are sent to / in clear text.

This vulnerability affects / (POST username=&pass=&submit=Submit).

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

 

Attack details

No details are available.

 

View HTTP headers

Request

POST // HTTP/1.0

Accept: */*

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Content-Length: 29

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 200 OK

Date: Wed, 09 Jul 2008 03:31:15 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

X-Powered-By: PHP/4.4.7

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Connection: close

Content-Type: text/html View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

 

User credentials are sent in clear text

Vulnerability description

It seemes that user credentials are sent to /newreg.php in clear text.

This vulnerability affects /newreg.php.

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /newreg.php HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 200 OK

Date: Wed, 09 Jul 2008 03:31:15 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

X-Powered-By: PHP/4.4.7

Connection: close

Content-Type: text/html View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

 

User credentials are sent in clear text

Vulnerability description

It seemes that user credentials are sent to /newreg.php in clear text.

This vulnerability affects /newreg.php (POST user=&pass=&vpass=&email=&vmail=&referral_id=&submit=Register).

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

 

Attack details

No details are available.

 

View HTTP headers

Request

POST /newreg.php HTTP/1.0

Accept: */*

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Content-Length: 61

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/newreg.php

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 200 OK

Date: Wed, 09 Jul 2008 03:31:16 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

X-Powered-By: PHP/4.4.7

Connection: close

Content-Type: text/html View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

 

User credentials are sent in clear text

Vulnerability description

It seemes that user credentials are sent to /index.php in clear text.

This vulnerability affects /index.php.

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /index.php HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/newreg.php

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 200 OK

Date: Wed, 09 Jul 2008 03:31:16 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

X-Powered-By: PHP/4.4.7

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Connection: close

Content-Type: text/html View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

 

Vulnerability description

This page was found as link but is inaccessible.

This vulnerability affects /lost.php.

The impact of this vulnerability

Problems navigating the site.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /lost.php HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 404 Not Found

Date: Wed, 09 Jul 2008 03:31:15 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

Connection: close

Content-Type: text/html

X-Pad: avoid browser bug View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Remove the links to this file or make this available.

 

Broken links

Vulnerability description

This page was found as link but is inaccessible.

This vulnerability affects /tos.php.

The impact of this vulnerability

Problems navigating the site.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /tos.php HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/newreg.php

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 404 Not Found

Date: Wed, 09 Jul 2008 03:31:16 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

Connection: close

Content-Type: text/html

X-Pad: avoid browser bug View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Remove the links to this file or make this available.

 

Broken links

Vulnerability description

This page was found as link but is inaccessible.

This vulnerability affects /other/other/style.css.

The impact of this vulnerability

Problems navigating the site.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /other/other/style.css HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/other/require.php

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 404 Not Found

Date: Wed, 09 Jul 2008 03:31:23 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

Connection: close

Content-Type: text/html

X-Pad: avoid browser bug View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Remove the links to this file or make this available.

 

Broken links

Vulnerability description

This page was found as link but is inaccessible.

This vulnerability affects /other/function.include.

The impact of this vulnerability

Problems navigating the site.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /other/function.include HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/other/rankbar.php

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 404 Not Found

Date: Wed, 09 Jul 2008 03:31:23 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

Connection: close

Content-Type: text/html

X-Pad: avoid browser bug View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Remove the links to this file or make this available.

 

Broken links

Vulnerability description

This page was found as link but is inaccessible.

This vulnerability affects /other/function.main.

The impact of this vulnerability

Problems navigating the site.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /other/function.main HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/other/rankbar.php

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 404 Not Found

Date: Wed, 09 Jul 2008 03:31:23 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

Connection: close

Content-Type: text/html

X-Pad: avoid browser bug View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Remove the links to this file or make this available.

 

Broken links

Vulnerability description

This page was found as link but is inaccessible.

This vulnerability affects /other/function.mysql-query.

The impact of this vulnerability

Problems navigating the site.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /other/function.mysql-query HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/other/rankbar.php

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 404 Not Found

Date: Wed, 09 Jul 2008 03:31:23 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

Connection: close

Content-Type: text/html

X-Pad: avoid browser bug View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Remove the links to this file or make this available.

 

Broken links

Vulnerability description

This page was found as link but is inaccessible.

This vulnerability affects /other/other/newstyle.css.

The impact of this vulnerability

Problems navigating the site.

 

Attack details

No details are available.

 

View HTTP headers

Request

GET /other/other/newstyle.css HTTP/1.0

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: www.racing-generation.com

Cookie: PHPSESSID=ce7020e8df0eb05654337b6a99c2c3b0

Connection: Close

Pragma: no-cache

Referer: http://www.racing-generation.com:80/other/require.php

Acunetix-Product: WVS/5.0 (Acunetix Web Vulnerability Scanner - EVALUATION)

Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htmResponse

HTTP/1.1 404 Not Found

Date: Wed, 09 Jul 2008 03:31:23 GMT

Server: Apache/1.3.41 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8b

Connection: close

Content-Type: text/html

X-Pad: avoid browser bug View HTML response

Launch the attack with HTTP Editor

How to fix this vulnerability

Remove the links to this file or make this available.

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.