Could somebody give me feedback?

[waynewex]

Security wise, is it okay?

 

http://gtfonoob.net

[dannyb785]

didn't load for me

[waynewex]

That's strange. It's loading fine on this end.

[dannyb785]

ok now it loaded

 

[waynewex]

No security issues?

[darkfreaks]

testing now sorry

[waynewex]

You always seem to find something. 

[darkfreaks]

PHPSESSID Fixation ATTACK

 

 

Fix:

 

go  into php.ini and turn PHPSESSID user_session_cookies=0 to user_session_cookies=1

[darkfreaks]

Fix:

 

set session.use_only_cookies=0 to  session.use_only_cookies=1 in php.ini

 

 

Sensitive Directory Found

 

/img

 

Fix

 

Restrict Access to this directory

 

GHDB found (google hacking)

/tmp

Fix:

 

Remove file/directory or restrict access.

[waynewex]

So I did pretty well? 

[darkfreaks]

not really you have to go fix the PHPSESSID leak and restrict chmodd acess to those directories

[Warptweet]

HAHAAHHAAH, That front page letter was AWESOME! 90% of internet users just sitting there, eyes glued to the monitor, not even know what they're looking for (or something related).

 

You made me laugh for like ten minutes nonstop. HILARIOUS.

The articles there are funny too.

[dannyb785]

IN THE META TAGS: why bother using the keywords metatag when google don't even use, capitalists, you suck for reading my source

 

that made me lol

[darkfreaks]

GHDB: Possible PHP configuration file (config.php)

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.

 

Category : Files containing passwords

 

This search brings up sites with "config.php" files. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. Most sites with forums run a PHP message base. This file gives you the keys to that forum, including FULL ADMIN access to the database. Way to go, googleDorks!!

This vulnerability affects /wp-includes/js/tinymce.

The impact of this vulnerability

Not available. Check description.

Attack details

We found

intitle:index.of config.php

 

How to fix this vulnerability

Not available. Check description

 

 

 

GHDB: Possible upload script

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.

 

Category : Footholds

 

Searches for scripts that let you upload files which you can then execute on the server.

This vulnerability affects /wp-includes/js/swfupload/plugins.

The impact of this vulnerability

Not available. Check description.

 

Attack details

We found

"index of /" ( upload.cfm | upload.asp | upload.php | upload.cgi | upload.jsp | upload.pl )

 

How to fix this vulnerability

Not available. Check description

 

[darkfreaks]

to fix the config.php Exploit after reading up on it please restrict acess so it cant be read unless its required to read.

 

 

on your server set the file config.php permissions to 0 0 0

 

then in php everytme you include the config file do

 

 

<?php

chmod("config.php",0644); //makes file readable and writable

include("config.php");
?>

[darkfreaks]

my bad

Fix:

<?php

chmod("config.php",0400); //makes file readable to owner only 

include("config.php");
?>

[waynewex]

It's a wordpress installation? So I can't really mess around with code too much or I might throw off some other dependencies?

[darkfreaks]

you might post on there forums and see how to secure those exploits

[darkfreaks]

Input Type Password Autocomplete Enabled

Password type input named pass from unnamed form with action ./process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: < INPUT TYPE="password" AUTOCOMPLETE="off" >

 

 

also make sure both the POST and GET variables are filtered wsith mysql_real_escape_string(),trim() and strip_tags()

 

i say this because i am detecting SQL and XSS injection

 

 

[dlate]

Input Type Password Autocomplete Enabled

Password type input named pass from unnamed form with action ./process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: < INPUT TYPE="password" AUTOCOMPLETE="off" >

 

 

also make sure both the POST and GET variables are filtered wsith mysql_real_escape_string(),trim() and strip_tags()

 

i say this because i am detecting SQL and XSS injection

 

Hey dark, u seem to be the security king around here, is it wise to use all 3 escape_string, trim and strip tags or would one be sufficient to prevent XSS attacks?

[darkfreaks]

it would be wise yes trim() will stop extra spaces before or after a string. mysql_real_escape_string prevents SQL injection and strip_tags prevents most XSS injection 

[dlate]

hehe k thank you 

[dannyb785]

Input Type Password Autocomplete Enabled

Password type input named pass from unnamed form with action ./process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: < INPUT TYPE="password" AUTOCOMPLETE="off" >

 

 

also make sure both the POST and GET variables are filtered wsith mysql_real_escape_string(),trim() and strip_tags()

 

i say this because i am detecting SQL and XSS injection

 

Hey dark, u seem to be the security king around here, is it wise to use all 3 escape_string, trim and strip tags or would one be sufficient to prevent XSS attacks?

 

 

Def. a good idea, and I would suggest you take it a tiny step further and instead of doing the same 3 functions each time, just make a function called something like escape_text() that takes in the $_GET or $_POST variable and returns the escaped text. It'd just make it a little easier

[dlate]

Input Type Password Autocomplete Enabled

Password type input named pass from unnamed form with action ./process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: < INPUT TYPE="password" AUTOCOMPLETE="off" >

 

 

also make sure both the POST and GET variables are filtered wsith mysql_real_escape_string(),trim() and strip_tags()

 

i say this because i am detecting SQL and XSS injection

 

Hey dark, u seem to be the security king around here, is it wise to use all 3 escape_string, trim and strip tags or would one be sufficient to prevent XSS attacks?

 

 

Def. a good idea, and I would suggest you take it a tiny step further and instead of doing the same 3 functions each time, just make a function called something like escape_text() that takes in the $_GET or $_POST variable and returns the escaped text. It'd just make it a little easier

 

Yeah i currently have a function that checks if a string is set and not empty, then returns the string with trim, mysql escape and strip tags.

 

Thanks for the tips appreciate it