phaser Posted July 14, 2008

can you test my site?
http://php-radio.dream-code.net/
login: http://php-radio.dream-code.net/pannel
station: test_station
username: admin
password: admin

darkfreaks Posted July 14, 2008

Password type input with autocomplete enabled

The impact of this vulnerability
Possible sensitive information disclosure

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">

darkfreaks Posted July 14, 2008

SQL Injection
Affected Files: panel/login.php
Fix: mysql_real_escape_string() and trim() to filter injection

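An added example, not part of the thread or of the site's code: a login lookup built by string concatenation next to the same lookup as a prepared statement, which is the swapped-in technique here because the mysql_* functions named in the post were removed in PHP 7.0. The table, column and function names are assumptions, and an in-memory SQLite database stands in for the site's MySQL server so the script runs offline.

```php
<?php
// Added example. Table, column and function names are assumptions; an
// in-memory SQLite database stands in for the site's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (station TEXT, username TEXT, pass_hash TEXT)');

// Constructed sample account; only a password hash is stored.
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['demo_station', "o'brien", password_hash('demo-pass', PASSWORD_DEFAULT)]);

// Before: the input becomes part of the SQL text, so a quote character in it
// changes the structure of the statement.
function login_concat(PDO $db, string $station, string $user, string $pass): bool
{
    $sql = "SELECT pass_hash FROM users WHERE station = '$station' AND username = '$user'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['pass_hash']);
}

// After: the statement text is fixed and the input is bound as data only.
function login_prepared(PDO $db, string $station, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE station = ? AND username = ?');
    $stmt->execute([trim($station), trim($user)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($pass, $row['pass_hash']);
}

try {
    login_concat($db, 'demo_station', "o'brien", 'demo-pass');
    echo "concat: query ran\n";
} catch (PDOException $e) {
    // Log the detail server-side; never echo it to the client.
    error_log($e->getMessage());
    echo "concat: statement broken by a quote in the input\n";
}

var_dump(login_prepared($db, 'demo_station', "o'brien", 'demo-pass'));  // correct password
var_dump(login_prepared($db, 'demo_station', "o'brien", 'wrong-pass')); // wrong password
```
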
Coreye Posted July 14, 2008

Cross Site Scripting (XSS):
You can submit ">code when adding users.

Full Path Disclosure:
http://php-radio.dream-code.net/pannel/files.php?q=&pn=a&PLID=&view=1
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /mounted-storage/home37b/sub001/sc29565-MPEY/php-radio/pannel/files.php on line 130
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /mounted-storage/home37b/sub001/sc29565-MPEY/php-radio/pannel/files.php on line 158

Full Path Disclosure:
http://php-radio.dream-code.net/pannel/files.php?q[]
Warning: urldecode() expects parameter 1 to be string, array given in /mounted-storage/home37b/sub001/sc29565-MPEY/php-radio/pannel/files.php on line 100

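An added example, not part of the thread or of the site's code: one way to stop the two path-disclosing warnings quoted above, by checking the type of each request parameter before use and keeping PHP warnings out of the response. The parameter names q and pn come from the quoted URLs; the function names, the length limit and treating pn as a page number are assumptions.

```php
<?php
// Added example. The parameter names q and pn come from the URLs in the post;
// the function names, the length limit and treating pn as a page number are
// assumptions.

// Keep warnings, and the filesystem paths they carry, out of responses.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Return the search term, or null when q is missing, empty, too long or not
// a plain string (a request for files.php?q[] delivers an array).
function read_search_term(array $query, int $maxLen = 100): ?string
{
    $q = $query['q'] ?? null;
    if (!is_string($q)) {
        return null;
    }
    // $_GET values arrive already URL-decoded, so no urldecode() call is needed.
    $q = trim($q);
    return ($q === '' || strlen($q) > $maxLen) ? null : $q;
}

// Return a page number of at least 1, falling back to 1 on anything else.
function read_page_number(array $query): int
{
    $pn = filter_var($query['pn'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $pn === false ? 1 : $pn;
}

// Constructed request arrays shaped like the URLs quoted in the post.
$samples = [
    ['q' => ['']],                           // files.php?q[]
    ['q' => '', 'pn' => 'a', 'view' => '1'], // files.php?q=&pn=a&view=1
    ['q' => 'jazz', 'pn' => '3'],            // a well-formed request
];
foreach ($samples as $query) {
    var_dump(read_search_term($query), read_page_number($query));
}
```
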
darkfreaks Posted July 15, 2008

Cross Site Scripting (XSS)
Affected Files: player.php
Solution: strip_tags() to filter the URL. Make sure to also filter PHP_SELF, SCRIPT_URL, SCRIPT_URI, REQUEST_URI

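An added example, not part of the thread or of the site's code, covering both XSS reports above (the user name submitted when adding users and the request path reflected by player.php): the value is encoded for its HTML context at output time with htmlspecialchars(), which is a different technique from the strip_tags() filtering the post suggests. The helper names and sample values are assumptions.

```php
<?php
// Added example; helper names and the sample values are assumptions.

// Encode a value for an HTML text node or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one row of a user list. The name is kept as submitted and encoded
// only when it is written into the page.
function render_user_row(string $username): string
{
    return '<tr><td>' . e($username) . '</td></tr>';
}

// Build a login form whose action reflects the request path. PHP_SELF and
// REQUEST_URI are client-influenced, so they are encoded like any other input.
function render_login_form(string $selfPath): string
{
    return '<form method="post" action="' . e($selfPath) . '">'
         . '<input type="password" name="password" autocomplete="off">'
         . '</form>';
}

// Constructed inputs containing markup characters.
echo render_user_row('"><b>name</b>'), "\n";
echo render_login_form('/player.php/"><i>x</i>'), "\n";
```
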
darkfreaks Posted July 15, 2008

Sensitive File
readme.txt
Solution: Remove it or restrict access by chmod

Vulnerability description
This script is vulnerable to PHPSESSID session fixation attacks. By injecting a custom PHPSESSID it is possible to alter the PHP session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.
This vulnerability affects /pannel.

The impact of this vulnerability
By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

Attack details
No details are available.

How to fix this vulnerability
Set session.use_only_cookies = 1 from php.ini. This option enables administrators to make their users invulnerable to attacks which involve passing session ids in URLs; defaults to 0.

Vulnerability description
Web Scanner was able to create a test file in this directory. The name of the file created is Web_Scanner_Test_File.txt. You should remove this file after setting proper permissions.
This vulnerability affects /playlist.

The impact of this vulnerability
Unauthenticated users can create files on this directory.

How to fix this vulnerability
Verify directory permissions and check if write access is required.

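An added example, not part of the thread or of the site's code: the session.use_only_cookies setting from the report applied at runtime, together with rotating the session id at login so that an id fixed before authentication stops being valid. The function names, the session key and the assumption that the panel is served over HTTPS (for the secure cookie flag) are not from the page.

```php
<?php
// Added example; function names and the session key are assumptions.

function start_hardened_session(): void
{
    // Accept session ids from cookies only, never from the URL
    // (the setting named in the report).
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    // Refuse ids that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    // Assumes the panel is served over HTTPS; drop 'secure' otherwise.
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function on_login_success(string $username): void
{
    // Issue a fresh id at the privilege change and delete the old session
    // data, so an id planted before login is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
}

start_hardened_session();
$before = session_id();
on_login_success('demo_user'); // constructed sample user
$after = session_id();

echo $before !== $after
    ? "session id rotated at login\n"
    : "session id NOT rotated\n";
```
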
phaser Posted July 15, 2008

Hi, I have a question.

Vulnerability description
Web Scanner was able to create a test file in this directory. The name of the file created is Web_Scanner_Test_File.txt. You should remove this file after setting proper permissions.
This vulnerability affects /playlist.

I have checked this but there is no Web_Scanner_Test_File.txt file in the dir /playlist or any other dir on my server, so does it mean that PHPSESSID session fixation attacks don't work?

darkfreaks Posted July 15, 2008

No, it means there is a PHPSESSID attack, but my scanner tests remotely, not directly on the server.

darkfreaks Posted July 15, 2008

Basically that tells you it could create that file if it wanted to, but the program isn't designed to harm the server. It just makes you aware of the exploit.

phaser Posted July 18, 2008

What's the scanner name that you use?

darkfreaks Posted July 18, 2008

Acunetix