
Test my login for security please.


secoxxx


Input Type Password Autocomplete Enabled

Password type input named pass from unnamed form with action ./process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off">

 

User credentials are sent in clear text

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability

Because user credentials are usually considered sensitive information, it is recommended that they be sent to the server over an encrypted connection.

 

GHDB: Apache directory listing which shows Apache version

The description for this alert is contributed by the GHDB community; it may contain inappropriate language.

Category : Files containing juicy info

 

This is a very basic string found on directory listing pages which show the version of the Apache web server. Hackers can use this information to find vulnerable targets without querying the servers.

This vulnerability affects /includes.

Solution

 

Restrict Includes folder and remove any lines in any files containing phpinfo or version information which hackers can use against you.
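
To re-check the three findings above after fixing them, here is an added example that is not part of the original post or the scanner's output. It audits a login page for the autocomplete and clear-text findings and a directory index for the version footer. The sample HTML, the host example.test and the version Apache/0.0.0 are constructed placeholders, and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed samples: a form like the one reported (field "pass", action
# ./process.php) and the footer of an Apache auto-generated directory index.
SAMPLE_LOGIN = ('<form action="./process.php" method="post">'
                '<input type="text" name="user"><input type="password" name="pass"></form>')
SAMPLE_LISTING = ('<html><head><title>Index of /includes</title></head><body>'
                  '<address>Apache/0.0.0 (Unix) Server at example.test Port 80</address>'
                  '</body></html>')


class FormAudit(HTMLParser):
    """Collect form actions and password inputs with their autocomplete value."""
    def __init__(self):
        super().__init__()
        self.actions, self.pw_fields, self._form_ac = [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # attribute names arrive lowercased, values do not
        if tag == "form":
            self.actions.append(a.get("action") or "")
            self._form_ac = a.get("autocomplete")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            # The input's own attribute wins; otherwise it inherits the form's.
            self.pw_fields.append((a.get("name") or "", a.get("autocomplete", self._form_ac)))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_ac = None


def audit_login(page_url, html):
    """Return findings for a login page that was fetched from page_url."""
    p = FormAudit()
    p.feed(html)
    findings = []
    for name, ac in p.pw_fields:
        if (ac or "").lower() != "off":
            findings.append(f"password field '{name}': autocomplete enabled")
    for action in p.actions:
        target = urljoin(page_url, action)  # resolve ./process.php against the page
        if urlparse(target).scheme != "https":
            findings.append(f"credentials posted in clear text to {target}")
    return findings


def leaked_apache_version(html):
    """Return the Apache version shown in a directory-index footer, or None."""
    m = re.search(r"<title>Index of /.*?<address>(Apache/[\d.]+)", html, re.S)
    return m.group(1) if m else None
```

Many current browsers ignore autocomplete="off" on login fields and still offer to save the password, so an empty result from audit_login does not mean the browser stores nothing.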

 
