
check ma site



I am messing around trying to learn PHP....

I have created a website so that I can test what I am doing. I am currently working on a registration system and login system; this is what I am wanting to beta test with y'all.

The website is http://www.clivethecucumber.co.uk

Underneath the login part, click not got an account to register.

Thanks

Oh, I'm sure I don't have to tell ya that I can access these, so use fake passwords ;p

 


Password type input with autocomplete enabled

 

The impact of this vulnerability

Possible sensitive information disclosure

 

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

 

 

Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1

Vulnerability description

This version of Apache is vulnerable to HTML injection (including malicious JavaScript code) through the "Expect" header. Until now it was not classed as a security vulnerability, as an attacker has no way to influence the Expect header a victim will send to a target site. However, according to Amit Klein's paper "Forging HTTP request headers with Flash", there is a working cross site scripting (XSS) attack against Apache 1.3.34, 2.0.57 and 2.2.1 (as long as the client browser is IE or Firefox, and it supports Flash 6/7+).

 

Affected Apache versions (up to 1.3.34/2.0.57/2.2.1).

This vulnerability affects Web Server.

The impact of this vulnerability

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

 

How to fix this vulnerability

Upgrade to the latest Apache versions. This flaw has been corrected in Apache versions (1.3.35/2.0.58/2.2.2)

Cross Site Scripting(XSS)

Affected Files:

 

/index.php

How To Fix:

 

filter your variables with trim(), mysql_real_escape_string(), and strip_tags()

 


Cross site Scripting(XSS)

 

 

Affected Files:

 

register/index.php

 

includes/ctmainsubmenu.php

 

How To Fix:

 

filter your variables with trim(), mysql_real_escape_string(), and strip_tags()

 

Vulnerability description

This script is vulnerable to PHPSESSID session fixation attacks.

 

By injecting a custom PHPSESSID it is possible to alter the PHP session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.

This vulnerability affects /.

The impact of this vulnerability

By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

 

How to fix this vulnerability

Set session.use_only_cookies = 1 from php.ini. This option enables administrators to make their users invulnerable to attacks which involve passing session ids in URLs; defaults to 0.

 

 


I tried doing what was said, but I don't have access to change the php.ini and they are refusing to do it. Plus, the files mentioned are not sensitive; one of them is just a menu so that I don't have to go through the website editing every page when I change the menu.


Uhm, I think you are referring to the PHPSESSID leak?

Please refer to the above XSS exploits ;)

And for the PHPSESSID leak, make a .htaccess file and put:

php_value session.use_only_cookies 1

php_value session.use_trans_sid 0


or

 

php_value session.use_only_cookies =1

php_value session.use_trans_sid =0

 

or

 

 

php_value session.use_only_cookies =1;

php_value session.use_trans_sid =0 ;

 

 

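In your PHP config file put:

<?php
// These must run before session_start() to take effect.
ini_set('session.use_trans_sid', 0);   // do not append the session ID to URLs
ini_set('session.use_only_cookies', 1); // accept the session ID from cookies only
?>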

 

 

 

 

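For a host where php.ini cannot be edited, the two session settings discussed in this thread can be applied at runtime from a shared include. This is an added example, not code from any poster in the thread. It goes beyond the thread by also enabling strict mode and HttpOnly cookies and by regenerating the session ID at login, which is the step that invalidates an ID fixed before authentication. The function names are hypothetical and PHP 7.1 or later is assumed.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.
// Include this file at the top of every page instead of calling session_start() directly.

function start_hardened_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // session settings cannot be changed once the session is active
    }
    // The two settings recommended in the thread, applied at runtime.
    ini_set('session.use_only_cookies', '1'); // ignore a PHPSESSID passed in the URL
    ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the ID
    // Additional hardening, beyond what the thread covers:
    ini_set('session.use_strict_mode', '1');  // reject IDs the server did not issue (PHP 5.5.2+)
    ini_set('session.cookie_httponly', '1');  // hide the cookie from page scripts
    session_start();
}

function login_user(int $userId): void
{
    start_hardened_session();
    // Issue a fresh ID at the privilege change and delete the old session file,
    // so an ID planted before login no longer maps to the authenticated session.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

function logout_user(): void
{
    start_hardened_session();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        // Expire the session cookie using the same parameters it was set with.
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

Call login_user() only after the submitted credentials have been verified, and call start_hardened_session() on every other page that reads $_SESSION.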
