Jump to content

Control Panel for clans

unidox

By unidox
in Beta Test Your Stuff!

 Share

Recommended Posts

unidox Advanced Member

unidox

Posted
Posted

I just finished the backend of the CMS to come. I am working on the template engine, and should have the front end in a few days.

 

Please, I want all tips, feedback, I dont care how flammable it is, I want to make this better.

 

Please try all normal stuff such as XSS, SQL Injection, ect

 

I will be releasing beta once I finish the front end, so enjoy!

 

www.pure-cp.com/beta/admin

User: demo

Pass: demo

 

Thanks :D

Link to comment
Share on other sites
darkfreaks Advanced Member

darkfreaks

Posted
Posted

Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability

Vulnerability description

This alert was generated using only banner information. It may be a false positive.

 

A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.

 

Affected mod_ssl versions (up to 2.8.17).

 

This vulnerability affects mod_ssl.

The impact of this vulnerability

Denial of service and/or possible arbitrary code execution.

 

Attack details

Current version is mod_ssl/2.2.8 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Unknown

 

How to fix this vulnerability

Upgrade mod_ssl to the latest version.

 

Apache Mod_SSL Log Function Format String Vulnerability

Vulnerability description

This alert was generated using only banner information. It may be a false positive.

 

A format string vulnerability has been found in mod_ssl versions older than 2.8.19. Successful exploitation of this issue will most likely allow an attacker to execute arbitrary code on the affected computer.

 

Affected mod_ssl versions (up to 2.8.18).

 

This vulnerability affects mod_ssl.

The impact of this vulnerability

Denial of service and/or possible arbitrary code execution.

 

Attack details

Current version is mod_ssl/2.2.8 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Unknown

 

How to fix this vulnerability

Upgrade mod_ssl to the latest version.

 

 

Link to comment
Share on other sites
darkfreaks Advanced Member

darkfreaks

Posted
Posted

Vulnerability description

HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability

Disable TRACE Method on the web server.

 

Password input type autocomplete enabled

impact of exploit

 

possible information disclosure

 

affected files

admin/login.php

forums/index.php

 

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 

 

 

Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.