magebash Posted July 10, 2008 Share Posted July 10, 2008 I am currently hosting this site on a free server until I get all the bugs out so I know it will be secure on a paid one. Could you please help me find some vulnerabilities and inform me about them. I know there are many still. Thanks. Here is the link: Click Here Username: demo Password: demo Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/ Share on other sites More sharing options...
dannyb785 Posted July 10, 2008 Share Posted July 10, 2008 I added a link <a href='javascript:alert(document.cookie);'>Click here</a> and when I clicked it, it gave me all sorts of neat information. With that knowledge, a hacker could do all sorts of mean things. Filter out javascript in links(and for that matter, in all posted data). Also, is there a way to edit my post? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586738 Share on other sites More sharing options...
darkfreaks Posted July 10, 2008 Share Posted July 10, 2008 Vulnerability description By this form input is possible to upload a file to the server. This vulnerability affects /. The impact of this vulnerability User may upload malicious files to server. How to fix this vulnerability Check if the script inputs are properly validated. Password type input with autocomplete enabled The impact of this vulnerability Possible sensitive information disclosure How to fix this vulnerability The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off"> User credentials are sent in clear text The impact of this vulnerability A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection. How to fix this vulnerability Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586742 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 Edit post for? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586750 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 You created 2000 rows with the <script> somehow. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586757 Share on other sites More sharing options...
dannyb785 Posted July 10, 2008 Share Posted July 10, 2008 sorry, edit the thing i created Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586762 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 Go to http://possal.freehostia.com/members. From there login and go to view posts. You will see an edit option Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586770 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 i deleted everything in the table. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586773 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 Should I just not allow links? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586775 Share on other sites More sharing options...
darkfreaks Posted July 10, 2008 Share Posted July 10, 2008 Cross Site Scripting The impact of this vulnerability Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser. Attack details The GET variable dest has been set to >"><ScRiPt%20%0a%0d>alert(44514.6172421643)%3B</ScRiPt>. How to fix this vulnerability Your script should filter metacharacters from user input Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586777 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 Should I use the htmlentities() function to do so? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586782 Share on other sites More sharing options...
darkfreaks Posted July 10, 2008 Share Posted July 10, 2008 that will work or strip_tags Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586785 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 on all $_GET things? Because I used it on $_POST Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586787 Share on other sites More sharing options...
darkfreaks Posted July 10, 2008 Share Posted July 10, 2008 just use it on the $_POST then. it shouldnt pick it up. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586788 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 could you test it again? I think i fixed it. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586793 Share on other sites More sharing options...
darkfreaks Posted July 10, 2008 Share Posted July 10, 2008 im scanning again it will be awhile but i will let you know, also make sure your upload script is validated as i said above it is not checking for malicious files. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586795 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 how? How can i block the alerts? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586801 Share on other sites More sharing options...
darkfreaks Posted July 10, 2008 Share Posted July 10, 2008 the alerts? you mean what danny boy did? if you changed it it shouldn't even be a problem. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586804 Share on other sites More sharing options...
darkfreaks Posted July 10, 2008 Share Posted July 10, 2008 also here is a neat XSS function that should filter it. http://quickwired.com/smallprojects/php_xss_filter_function.php try using that on all $_GET and $_POST variables also you still have exploits this issue is not fixed yet Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586807 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 Oh i see the problem. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586809 Share on other sites More sharing options...
darkfreaks Posted July 10, 2008 Share Posted July 10, 2008 let me know when your ready to scan again Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586811 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 why not htmlentities()? Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586813 Share on other sites More sharing options...
darkfreaks Posted July 10, 2008 Share Posted July 10, 2008 thats to convert html only you can still execute PHP and Javascript use strip_tags() Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586817 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 OK Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586818 Share on other sites More sharing options...
magebash Posted July 10, 2008 Author Share Posted July 10, 2008 i added strip tags to the rest of it. Try it now. Link to comment https://forums.phpfreaks.com/topic/114148-test-this-site/#findComment-586825 Share on other sites More sharing options...
Recommended Posts