Looking for testers.

[awpti]

IgnitedJobs.com is a free job posting board.

 

Very simple and based upon the CodeIgniter Framework.

 

It's about 70% complete.

 

Looking for two things:

 

Comments on the design/content and comments on the security (break it if you can, please).

 

IgnitedJobs.com

[waynewex]

I wouldn't replace <script> tags with [removed]. You're telling a potential attacker that the route is blocked when really you should allow him to waste as much time as possible.

[awpti]

Faster they go away, the happier I am and the less bandwidth of mine they waste trying to figure it out.

 

Bots aren't generally going to provide a legit email address and neither will the vast majority of script kiddies, since doing so reveals them directly. The captcha stops the vast majority of bots in their tracks (so far as I've seen).

 

This site is makes heavy use of CodeIgniter built-in XSS Filter for all POST/GET/COOKIE content. I suppose I could replace "removed" with nothing. :>

 

EDIT: Modified the filter to just blank out the entries that are normally tagged as [removed]

[darkfreaks]

Password type input with autocomplete enabled

 

The impact of this vulnerability

Possible sensitive information disclosure

 

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

Backup files

Vulnerability description

A possible backup file has been found on your webserver. These files are usually created by developers to backup their work.

The impact of this vulnerability

Backup files can contain script sources, configuration files or other sensitive information that may help an malicious user to prepare more advanced attacks.

 

How to fix this vulnerability

Remove the file(s) if they are not required on your website. As an additional step, it is recommended to implement a security policy within your organization to disallow creation of backup files in directories accessible from the web.

 

Possible sensitive directories

Vulnerability description

A possible sensitive directory has been found. This directory is not directly linked from the website.This check looks for known sensitive directories like: backup directories, database dumps, administration pages, temporary directories. Each of those directories may help an attacker to learn more about his target.

The impact of this vulnerability

This directory may expose sensitive information that may help an malicious user to prepare more advanced attacks.

How to fix this vulnerability

Restrict access to this directory or remove it from the website.

 

Affected Directories:

 

/system

[darkfreaks]

Directories with write permissions enabled

Vulnerability description

Web Scanner was able to create a test file in this directory. The name of the file created is Web_Scanner_Test_File.txt. You should remove this file after setting proper permissions.

This vulnerability affects /about/privacy.

The impact of this vulnerability

Unauthenticated users can create files on this directory.

 

How to fix this vulnerability

Verify directory permissions and check if write access is required.

 

 

[awpti]

Password type input with autocomplete enabled

 

No password field exists. Not sure where your application is seeing the vulnerability.

 

Backup files

Vulnerability description

A possible backup file has been found on your webserver. These files are usually created by developers to backup their work.

 

No backup files exist within the structure. Nor have ever existed.

 

Possible sensitive directories

Vulnerability description

A possible sensitive directory has been found. This directory is not directly linked from the website.This check looks for known sensitive directories like: backup directories, database dumps, administration pages, temporary directories. Each of those directories may help an attacker to learn more about his target.

 

Affected Directories:

/system

 

Easy enough to fix (though not terribly sensitive).

 

Directories with write permissions enabled

Vulnerability description

Web Scanner was able to create a test file in this directory. The name of the file created is Web_Scanner_Test_File.txt. You should remove this file after setting proper permissions.

This vulnerability affects /about/privacy.

 

Sounds like your app is catching a lot of false positives as /about/privacy is a Controller (www.ignitedjobs.com/index.php/about/privacy/)

 

By the way, what application are you using?

[darkfreaks]

Acunetix

[darkfreaks]

Acunetix

 

 

yes those errors are mainly pointing to show that  a hacker could upload or write files in those directories. it even tells you you need to chmod them or to restrict them. so this does not happen.

[darkfreaks]

The write directory has been fixed 

 

 

as ofr the sensitive file stuff goes  it does not pose much of a threat so you are good 

[awpti]

It can't write to a directory that never existed

 

That's weird positive for finding a writable directory.

 

It's saying it can write to a Controller Method within CodeIgniter (equivalent of http://ignitedjobs.com/index.php?/about/privacy/ or ignitedjobs.com/index.php/about/privacy/).

 

That's a nice application though, I'll give it a looksie. Thanks for the response and the glance!

 

If anyone would actually like to test it, please do so. Only feature left to be developed is the ability to edit your own post and/or 'renew' your post before the 90 day timeout.

[Coreye]

Cross Site Scripting(XSS):

You can submit ">code in all fields accept email.

 

You also seem to be deleting them as soon as we add them which means we can't test it.

[awpti]

Fixed that while you were testing. Was just in the middle of adding htmlentities() around input.

 

Was also doing some backend work and ended up truncing the table a dozen times.

 

Looks like things are getting better. Slowly.

 

HTMLEntities is a bit of a kludge. I need to put together a regex that just gives me a match and flat out denies the post.

[awpti]

I'll eventually make it so that further attempts to "validate" will just forward the user to the editor. As soon as I finish it.

[awpti]

FYI, created a changelog:

 

http://ignitedjobs.com/changelog.txt

 

[Coreye]

You may already know this but when you change the "Apply Here" link to an ID that doesn't exist you get:

 

A PHP Error was encountered

 

Severity: Notice

 

Message: Undefined offset: 0

 

Filename: views/out.php

 

Line Number: 8

[awpti]

Good catch.

 

I'll fix that when I get up. Off to bed now.

 

Appreciate the time you put into it. You helped me squash a couple annoyances

 

Now I just have to figure out how to over-ride CodeIgniter's 404 handler to use my own 404. Not quite as easy as over-riding KohanaPHP's 404 Event handler.

[awpti]

Okay.

 

I'm fairly confident I've caught all the major bugs/flaws.

 

Hammer it.

[darkfreaks]

Vulnerability description

Password type input named password from unnamed form with action /user/login has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

This vulnerability affects /css.

The impact of this vulnerability

Possible sensitive information disclosure

 

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

[awpti]

Still at a loss as to why your application picks this up.

 

Oh well

 

ignitedjobs.com is feature complete and ready to roll, I think. Last thing left is to find a good design for it.