malisa
Posted August 7, 2008

Hey all! http://phptechhelp.com/ is designed especially for those who have started their career recently. It will definitely help them out in preparing Interview Questions as well as basics.

darkfreaks
Posted August 7, 2008

Um, do you want someone to beta test this site for exploits???

Input Type Password Autocomplete Enabled

Password type input named pass from unnamed form with action ./process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability
Possible sensitive information disclosure

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

User credentials are sent in clear text

The impact of this vulnerability
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability
Because user credentials usually are considered sensitive information, it is recommended that they be sent to the server over an encrypted connection.

Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1

This version of Apache is vulnerable to HTML injection (including malicious Javascript code) through the "Expect" header. Until now it was not classed as a security vulnerability, as an attacker has no way to influence the Expect header a victim will send to a target site. However, according to Amit Klein's paper "Forging HTTP request headers with Flash", there is a working cross site scripting (XSS) attack against Apache 1.3.34, 2.0.57 and 2.2.1 (as long as the client browser is IE or Firefox, and it supports Flash 6/7+).

Affected Apache versions (up to 1.3.34/2.0.57/2.2.1).
This vulnerability affects Web Server.

The impact of this vulnerability
Malicious users may inject JavaScript, not allowed, ActiveX, HTML or Flash to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

How to fix this vulnerability
Upgrade to the latest Apache versions. This flaw has been corrected in Apache versions (1.3.35/2.0.58/2.2.2)

Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability

This alert was generated using only banner information. It may be a false positive.

A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.

Affected mod_ssl versions (up to 2.8.17).
This vulnerability affects mod_ssl.

The impact of this vulnerability
Denial of service and/or possible arbitrary code execution.

How to fix this vulnerability
Upgrade mod_ssl to the latest version.

Apache Mod_SSL Log Function Format String Vulnerability

This alert was generated using only banner information. It may be a false positive.

A format string vulnerability has been found in mod_ssl versions older than 2.8.19. Successful exploitation of this issue will most likely allow an attacker to execute arbitrary code on the affected computer.

Affected mod_ssl versions (up to 2.8.18).
This vulnerability affects mod_ssl.

The impact of this vulnerability
Denial of service and/or possible arbitrary code execution.

How to fix this vulnerability
Upgrade mod_ssl to the latest version.

darkfreaks
Posted August 7, 2008

Files listed in robots.txt but not linked

This file is listed in robots.txt but it's not linked anywhere in the site.

The impact of this vulnerability
Possible sensitive information disclosure.

How to fix this vulnerability
In robots.txt you should include only files or directories linked on the site.

Apache Mod_Rewrite Off-By-One

This alert was generated using only banner information. It may be a false positive.

Apache mod_rewrite is prone to an off-by-one buffer-overflow condition. The vulnerability arising in the mod_rewrite module's ldap scheme handling allows for potential memory corruption when an attacker exploits certain rewrite rules.

Affected Apache versions:
Apache 1.3.28 - 1.3.36 with mod_rewrite
Apache 2.2.0 - 2.2.2 with mod_rewrite
Apache 2.0.46 - 2.0.58 with mod_rewrite

This vulnerability affects Web Server.

The impact of this vulnerability
An attacker may exploit this issue to trigger a denial-of-service condition. Reportedly, arbitrary code execution may also be possible.

Attack details
Current version is Apache/1.3.34

How to fix this vulnerability
Upgrade Apache to the latest version.

darkfreaks
Posted August 7, 2008

GHDB: robots.txt file

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.

Category: Files containing juicy info

Webmasters wanting to exclude search engine robots from certain parts of their site often choose the use of a robot.txt file on the root of the server. This file basically tells the bot which directories are supposed to be off-limits. An attacker can easily obtain that information by very simply opening that plain text file in his browser. Webmasters should *never* rely on this for real security issues. Google helps the attacker by allowing a search for the "disallow" keyword.

This vulnerability affects /robots.txt.

The impact of this vulnerability
Not available. Check description.

Attack details
We found (inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt

How to fix this vulnerability
Not available. Check description