Test my site for vulnerabilities and usability

[webmasterD]

Hey all. Please test my site for vulnerabilities: http://driber.net

 

Especially the photo album (it should not be accessible without a correct password) and the Online Notepad (click on applications) should be secure for any types of attacks.

 

And as for the Online Notepad, please test this for usability (try to screw something up, create accounts, try out lost password, changing profile, etc)

[darkfreaks]

Password type input autocomplete Enabled

impact of exloit

 

Possible imformation disclosure

 

How to Fix Exploit

 

< input type=password AUTOCOMPLETE="OFF" >

 

 

[darkfreaks]

Your  mod_ssl is out of date please upgrade it to a version higher than 2.8 

[Coreye]

Full Path Disclosure:

]http://driber.net/photos/login.php?page[]

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in *path_removed* on line 7

 

Full Path Disclosure:

http://driber.net/photos/includes/sanitize.php

Warning: include(*path_removed*) [function.include]: failed to open stream: No such file or directory in *path_removed* on line 2

 

Warning: include() [function.include]: Failed opening '*path_removed*' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in *path_removed* on line 2

 

[darkfreaks]

Vulnerability description

A possible sensitive directory has been found. This directory is not directly linked from the website.This check looks for known sensitive directories like: backup directories, database dumps, administration pages, temporary directories. Each of those directories may help an attacker to learn more about his target.

This vulnerability affects /tmp.

,photos/data,photos/admin,trlefaq/download,chat/src,trlefaq/images/new.

 

 

The impact of this vulnerability

This directory may expose sensitive information that may help an malicious user to prepare more advanced attacks

How to fix this vulnerability

Restrict access to this directory or remove it from the website.

 

[darkfreaks]

Email address found

One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any addresses found.

The impact of this vulnerability

Email addresses posted on Web sites may attract spam.

How to fix this vulnerability

 

http://evolt.org/article/Spam_Proofing_Your_Website/20/41849/

[webmasterD]

Your  mod_ssl is out of date please upgrade it to a version higher than 2.8 

 

what did you use to check the version of mod_ssl?

because the version on my webhost (2.2.9) is the most recent. As of Apache 2, the mod_ssl no longer uses the old numbering scheme, and is built into Apache (which was just updated within the past month).

so you probably got a false positive

 

Full Path Disclosure:

]http://driber.net/photos/login.php?page[]

Full Path Disclosure:

http://driber.net/photos/includes/sanitize.php

 

good find, I have fixed them. how did you find /photos/includes/sanitize.php? lucky guess?

 

Email address found

 

Were all of the e-mail addresses you found inside the http://driber.net/homepage folder?

If so, I'm not bothered by them But they shouldn't occur in any other parts of my site.

 

[darkfreaks]

Vulnerability description

This alert was generated using only banner information. It may be a false positive.

 

A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.

Affected mod_ssl versions (up to 2.8.17).

 

This vulnerability affects mod_ssl.

The impact of this vulnerability

Denial of service and/or possible arbitrary code execution.

 

Attack details

Current version is mod_ssl/2.2.9 OpenSSL/0.9.8g DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6

 

How to fix this vulnerability

Upgrade mod_ssl to the latest version.

 

[darkfreaks]

2.2.9 is not the latest version 2.8.17 is 

[webmasterD]

maybe you didn't read my last post thoroughly enough

 

2.2.9 is the version of apache which has the latest mod_ssl built into it

 

there isn't even version 2.2.9 of mod_ssl, so the program you use gave a false positive

[darkfreaks]

sorry read up on it, was a false positive it only affects older 1.0 versions 

 

also my scanner is not up to date i am going to update as of now and see if i still get a false readinf

[darkfreaks]

ok so i updated from Acunetix 5.0 to 5.1 and i still getting it then i read this

 

http://www.acunetix.com/support/false-positives.htm

 

was very helpful LOL i suppose i will read which version is on the server rather than looking at the exploit first 

[webmasterD]

hehe

 

so does anyone have any feedback about the Online Notepad application?

[darkfreaks]

im only a security tester but from the looks of it there is no way in hell anyone could pull off any sort of SQL or XSS injection on it nice work overall security wise

[blufish]

Hello, I tried doing a little        tried to drop the database, and execute php, but the notepad is pretty secure.  I liked it actually quite simple and clean.  The chat I didn't like to much because second time I tried to enter it it didn't work (after I dropped the database(Which I don't think worked)) I was going to try to hack the chat too.  Oh well nice site, simple good and stuff. make sure you tell the chat to strip_tags($chats).

[webmasterD]

appreciate the feedback, blufish

 

indeed, no database was dropped

and the chat does filter metacharacters

 

thanks for testing