Zepo Posted August 7, 2008
Just finished most of the main features. http://www.elitegpt.com Comments, criticism, and security tests welcome.
darkfreaks Posted August 7, 2008

Password type input with autocomplete enabled
Password type input named password from unnamed form with action http://elitegpt.com/forum/member.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache. This vulnerability affects /.
The impact of this vulnerability: Possible sensitive information disclosure.
How to fix this vulnerability: The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">

User credentials are sent in clear text
It seems that user credentials are sent in clear text.
The impact of this vulnerability: A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
How to fix this vulnerability: Because user credentials are usually considered sensitive information, it is recommended that they be sent to the server over an encrypted connection.
darkfreaks Posted August 7, 2008

Apache Mod_SSL Log Function Format String Vulnerability
This alert was generated using only banner information. It may be a false positive. A format string vulnerability has been found in mod_ssl versions older than 2.8.19. Successful exploitation of this issue will most likely allow an attacker to execute arbitrary code on the affected computer. Affected mod_ssl versions (up to 2.8.18). This vulnerability affects mod_ssl.
The impact of this vulnerability: Denial of service and/or possible arbitrary code execution.
How to fix this vulnerability: Upgrade mod_ssl to the latest version.

Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1
This version of Apache is vulnerable to HTML injection (including malicious JavaScript code) through the "Expect" header. Until now it was not classed as a security vulnerability, as an attacker has no way to influence the Expect header a victim will send to a target site. However, according to Amit Klein's paper "Forging HTTP request headers with Flash", there is a working cross site scripting (XSS) attack against Apache 1.3.34, 2.0.57 and 2.2.1 (as long as the client browser is IE or Firefox and it supports Flash 6/7+). Affected Apache versions (up to 1.3.34/2.0.57/2.2.1). This vulnerability affects Web Server.
The impact of this vulnerability: Malicious users may inject JavaScript, not allowed, ActiveX, HTML or Flash to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
How to fix this vulnerability: Upgrade to the latest Apache versions. This flaw has been corrected in Apache versions (1.3.35/2.0.58/2.2.2).

Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
This alert was generated using only banner information. It may be a false positive. A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures. Affected mod_ssl versions (up to 2.8.17). This vulnerability affects mod_ssl.
The impact of this vulnerability: Denial of service and/or possible arbitrary code execution.
How to fix this vulnerability: Upgrade mod_ssl to the latest version.
darkfreaks Posted August 7, 2008

Blind SQL/XPath injection
This script is possibly vulnerable to SQL/XPath Injection attacks. SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and don't properly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there are a large number of web applications vulnerable. XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.
This vulnerability affects:
/forum/member.php
/forum/calendar.php
/forum/forumdisplay.php
/forum/memberlist.php
/forum/search.php
/forum/showthread.php
/forum/usercp2.php
The impact of this vulnerability: An unauthenticated attacker may execute arbitrary SQL/XPath statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.
How to fix this vulnerability: Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability.
trim(), mysql_real_escape_string()
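The post above suggests trim() and mysql_real_escape_string() as the fix. The following is an added example, not code from the thread or from the forum software at elitegpt.com: it uses Python with an in-memory SQLite table as a stand-in for the PHP/MySQL forum, and the users table, the credentials "admin"/"s3cret" and every function name are constructed for the demonstration. The escape_string() helper stands in for mysql_real_escape_string() (SQLite doubles quotes rather than backslash-escaping them, so that is what it does). It shows the boolean-based blind probe the scanner is hinting at working against a concatenated query, quote-escaping stopping that probe for a quoted string but not for an unquoted numeric parameter, and a bound parameter stopping both.

```python
import sqlite3
import string


def make_db():
    """Constructed sample data: a tiny users table standing in for the forum's."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (id, username, password) VALUES (?, ?, ?)",
        [(1, "admin", "s3cret"), (2, "bob", "hunter2")],
    )
    conn.commit()
    return conn


def escape_string(value):
    """Stand-in (assumption) for mysql_real_escape_string(): make the value unable
    to terminate a quoted SQL string literal. SQLite uses '' rather than \\'."""
    return value.replace("'", "''")


# 1. Vulnerable: user input is concatenated straight into the statement.
def user_by_name_vulnerable(conn, name):
    sql = f"SELECT id FROM users WHERE username = '{name}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


# 2. Escaped, as the post recommends. Sufficient only while the value sits
#    inside a quoted literal.
def user_by_name_escaped(conn, name):
    sql = f"SELECT id FROM users WHERE username = '{escape_string(name)}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


# 2b. Same escaping on an unquoted numeric parameter does nothing: there is no
#     quote to break out of, so "2 OR 1=1" is already valid SQL.
def user_by_id_escaped(conn, id_value):
    sql = f"SELECT username FROM users WHERE id = {escape_string(id_value)} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


# 3. Parameterised: the driver binds the value; it is never parsed as SQL.
def user_by_name_param(conn, name):
    rows = conn.execute(
        "SELECT id FROM users WHERE username = ? ORDER BY id", (name,)
    )
    return [row[0] for row in rows]


def blind_extract_password(conn, lookup, target="admin", max_len=32):
    """Boolean-based blind extraction: the only signal is whether a row comes
    back, so the target's password is recovered one character at a time.
    Returns the recovered string, or None if the lookup is not injectable."""
    alphabet = string.ascii_letters + string.digits
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            # The trailing "-- " comments out the closing quote the query adds.
            payload = f"{target}' AND substr(password,{pos},1)='{ch}' -- "
            if lookup(conn, payload):
                recovered += ch
                break
        else:
            break  # nothing matched: past the end of the password, or not injectable
    return recovered or None


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", blind_extract_password(db, user_by_name_vulnerable))
    print("escaped      :", blind_extract_password(db, user_by_name_escaped))
    print("bound param  :", blind_extract_password(db, user_by_name_param))
    print("escaped id   :", user_by_id_escaped(db, "2 OR 1=1"))
```

The point of user_by_id_escaped is the caveat to the post's advice: escaping is a per-context fix and has to be paired with casting or validating numeric input, whereas a bound parameter is correct in every context, which is why prepared statements are the usual recommendation.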
darkfreaks Posted August 7, 2008

GHDB: 500 Internal Server Error
The description for this alert is contributed by the GHDB community; it may contain inappropriate language. Category: Error Messages. This one shows the type of web server running on the site, and has the ability to show other information depending on how the message is internally formatted. This vulnerability affects /js/olib/makemini.pl.
The impact of this vulnerability: Not available. Check description.
Attack details: We found intitle:"500 Internal Server Error" "server at"

GHDB: Files uploaded through FTP
Vulnerability description: The description for this alert is contributed by the GHDB community; it may contain inappropriate language. Category: Files containing juicy info. Files uploaded through ftp by other people; sometimes you can find all sorts of things from movies to important stuff. This vulnerability affects /icons.
The impact of this vulnerability: Not available. Check description.
Attack details: We found intitle:"Index of" upload size parent directory

GHDB: Generic MySQL error message
Vulnerability description: The description for this alert is contributed by the GHDB community; it may contain inappropriate language. Category: Error Messages. Another generic SQL message; this message can display path names, function names, filenames and partial SQL code, all of which are very helpful for hackers... This vulnerability affects /images.
The impact of this vulnerability: Not available. Check description.
Attack details: We found "Supplied argument is not a valid MySQL result resource"

GHDB: Apache directory listing which shows Apache version
The description for this alert is contributed by the GHDB community; it may contain inappropriate language. Category: Files containing juicy info. This is a very basic string found on directory listing pages which shows the version of the Apache web server. Hackers can use this information to find vulnerable targets without querying the servers. This vulnerability affects /css.
The impact of this vulnerability: Not available. Check description.
Attack details: We found intitle:index.of "Apache" "server at"
darkfreaks Posted August 8, 2008
To prevent Google hacking you can add a robots.txt file that will exclude search robots from accessing the site.
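A robots.txt only asks well-behaved crawlers to stay away; it blocks nobody, and the paths it lists are readable by anyone who fetches it. The GHDB hits above (the "Index of" listings for /icons and /css, the "Apache ... Server at" footer and the MySQL error text) are better removed at the server, so that there is nothing for a search engine to index in the first place. The following Apache configuration fragment is an added example, not configuration from the thread or from elitegpt.com; the document root path is an assumption and should be replaced with the real one. Every directive in it exists in Apache 1.3 and 2.x (php_flag requires mod_php).

```apache
# Added example, not from the original thread. Paths are assumptions.

# Stop reporting the exact Apache/mod_ssl version in the Server header ...
ServerTokens Prod
# ... and in the "Apache/1.3.x Server at ..." footer of error pages and
# directory listings, which is the string the GHDB query above searches for.
ServerSignature Off

# No automatic "Index of /" pages anywhere under the document root
# (assumed to be /var/www/html). This removes the /css and /images listings.
<Directory "/var/www/html">
    Options -Indexes
</Directory>

# /icons is usually an Alias to a directory outside the document root that
# ships with "Options Indexes"; a Location section is merged after Directory
# sections, so it wins regardless of where the alias points.
<Location "/icons">
    Options -Indexes
</Location>

# mod_php only: keep "Supplied argument is not a valid MySQL result resource"
# and similar messages out of HTTP responses and in the error log instead.
php_flag display_errors off
php_flag log_errors on
```

After reloading, the check is the same Google query the scanner used, run against the live site instead: a request for /css/ or /icons/ should now return 403 rather than a listing, and the 500 page for /js/olib/makemini.pl should no longer carry a "Server at" footer.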