Guardian-Mage Posted July 31, 2008

http://safetycharges.com/

It is a database containing information on Canadian Safety Cases and Convictions. Anything related to people getting hurt in the workplace. I just need people to test for exploits and such. Do NOT try doing anything involving buying accounts or more time, as those features are incomplete.

darkfreaks Posted July 31, 2008

Password type input with autocomplete enabled

Vulnerability description
Password type input named pass from unnamed form with action has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.
This vulnerability affects /.

The impact of this vulnerability
Possible sensitive information disclosure

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:
    <INPUT TYPE="password" AUTOCOMPLETE="off">

Vulnerability description
This alert was generated using only banner information. It may be a false positive. A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures. Affected mod_ssl versions (up to 2.8.17).
This vulnerability affects mod_ssl.

The impact of this vulnerability
Denial of service and/or possible arbitrary code execution.

Attack details
Current version is mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6

How to fix this vulnerability
Upgrade mod_ssl to the latest version.

Vulnerability description
This alert was generated using only banner information. It may be a false positive. A format string vulnerability has been found in mod_ssl versions older than 2.8.19. Successful exploitation of this issue will most likely allow an attacker to execute arbitrary code on the affected computer. Affected mod_ssl versions (up to 2.8.18).
This vulnerability affects mod_ssl.

The impact of this vulnerability
Denial of service and/or possible arbitrary code execution.

Attack details
Current version is mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6

How to fix this vulnerability
Upgrade mod_ssl to the latest version

darkfreaks Posted July 31, 2008

Vulnerability description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
This vulnerability affects /freetrial.php.

The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

How to fix this vulnerability
Your script should filter metacharacters from user input, using strip_tags or html_entities.

PHPSESSID session fixation

Vulnerability description
This script is vulnerable to PHPSESSID session fixation attacks. By injecting a custom PHPSESSID it is possible to alter the PHP session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.
This vulnerability affects /.

The impact of this vulnerability
By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

How to fix this vulnerability
Set session.use_only_cookies = 1 from php.ini. This option enables administrators to make their users invulnerable to attacks which involve passing session ids in URLs; defaults to 0.

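An added example, not from the thread or the site's own code: the session.use_only_cookies setting named in the report applied at runtime, together with regenerating the session ID at login so that a PHPSESSID set before authentication is discarded. The login_user and logout_user functions and the user_id session key are assumptions.

```php
<?php
// Added example. These settings must be applied before session_start().
ini_set('session.use_only_cookies', '1'); // ignore a PHPSESSID passed in the URL
ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the ID
ini_set('session.cookie_httponly', '1');  // keep the cookie away from page scripts
ini_set('session.use_strict_mode', '1');  // PHP >= 5.5.2: reject IDs the server did not issue

session_start();

// Hypothetical login hook: call only after the password has been verified.
function login_user(int $userId): void
{
    // Issue a fresh ID and delete the old session data, so an ID planted
    // before login never becomes an authenticated session.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
}

// Hypothetical logout hook: clear the data, expire the cookie, end the session.
function logout_user(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```
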
darkfreaks Posted July 31, 2008

Email address found

Vulnerability description
One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any addresses found.
This vulnerability affects /contactus.php.

The impact of this vulnerability
Email addresses posted on Web sites may attract spam.

Attack details
We found
wilson@globaltrainingedge.com
brandon.wamboldt@northernlightstech.com

How to fix this vulnerability
http://evolt.org/article/Spam_Proofing_Your_Website/20/41849/

Guardian-Mage Posted July 31, 2008

Spam isn't a big worry, so I left the emails there.
I have requested that mod_ssl be upgraded.
I have htmlentities and strip tags, but I think they are in the wrong order. The user you created looks like:
    >'><ScRiPt>alert(41006.4979944444);...
and I will add the auto complete thing.
What scanner are you using?

darkfreaks Posted July 31, 2008

Acunetix, why???

Guardian-Mage Posted July 31, 2008

Thanks. Why did you create 150 accounts? Was it the scanner? Either way, I have a cron that deletes trial accounts not activated after 6 hours.

darkfreaks Posted July 31, 2008

Hahah, yeah, it was the scanner. I have no control over that. Just delete the accounts and make sure you fix the XSS in freetrial.php.

Guardian-Mage Posted July 31, 2008

Is XSS a big worry when I use sessions, cookies, and IP address tracking? My script verifies the sessions against the cookies, the cookies against the sessions, and the current IP/browser information against records. If the user changes User Agents it would log them out. So is XSS a problem? And now users can only have certain characters in their name.

darkfreaks Posted July 31, 2008

strip_tags usually takes care of the problem.

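An added example, not part of the original thread or the site's code: it compares strip_tags on its own with encoding at output time, using a constructed value shaped like the account name quoted earlier in the thread, and shows both call orders of the two functions. The helper names (e, render_unsafe, render_safe, valid_username), the form field and the username policy are assumptions.

```php
<?php
// Added example: constructed input resembling the scanner-created account name.
$name = ">'><ScRiPt>alert(1)</ScRiPt>";

// Escape for HTML text and quoted attribute values. ENT_QUOTES also encodes
// single quotes, which matters when the attribute is delimited with '.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical "before": strip_tags removes the <script> element but leaves
// the quote and angle bracket, so the value still closes the attribute.
function render_unsafe(string $name): string
{
    return "<input type='text' name='user' value='" . strip_tags($name) . "'>";
}

// Hypothetical "after": keep the raw value in storage, encode once at output.
function render_safe(string $name): string
{
    return "<input type='text' name='user' value='" . e($name) . "'>";
}

// Order check: encoding first leaves strip_tags nothing to remove; stripping
// first and then encoding is also inert, but silently drops part of the text.
$encoded_then_stripped = strip_tags(e($name));
$stripped_then_encoded = e(strip_tags($name));

echo render_unsafe($name), PHP_EOL;
echo render_safe($name), PHP_EOL;
echo $encoded_then_stripped, PHP_EOL;
echo $stripped_then_encoded, PHP_EOL;

// Allow-list validation for new account names (assumed policy: 3 to 32
// characters from a fixed set), applied in addition to output encoding.
function valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $name) === 1;
}

var_dump(valid_username($name), valid_username('guardian_mage'));
```
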
darkfreaks Posted August 3, 2008

Just to let you know, your MOD SSL is fine. It was a false alert, sorry :-\