the simplest forum script open for testers


felipeebs

Hey! This is my first big PHP 5 script, a forum script.

It is nothing like the bulletin boards you see around the internet, but it works.

Now I want you to test it, to see what is missing (trust me, everything is missing).

I need help to improve security and fix bugs first, so if you can help, thanks!

 

You can access it at

http://theeyeproject.com/forum/

 

My own domain, hosted on a free webhosting plan. T_T

 

Best wishes: The Eye

 

P.S.: If I left something in Portuguese, I'm sorry! My English is very poor and I didn't have much time to make it English. I'm working on it right now :D


Vulnerability description

The web server is configured to display the list of files contained in this directory. This is not recommended because the directory may contain files that are not normally exposed through links on the web site.

This vulnerability affects /forum/css.

The impact of this vulnerability

A user can view a list of all files from this directory possibly exposing sensitive information.

 

Attack details

We found

<TITLE>Index of

How to fix this vulnerability

You should make sure the directory does not contain sensitive information or you may want to restrict directory listings from the web server configuration.

 

 

Vulnerability description

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.

 

Category : Sensitive Directories

 

Many times, this search will reveal temporary files and directories on the web server. The information included in these files and directories will vary, but an attacker could use this information in an information gathering campaign.

This vulnerability affects /forum/tmp.

The impact of this vulnerability

Not available. Check description.

 

Attack details

We found

inurl:/tmp

 
