secoxxx Posted August 8, 2008

Hey everyone,

If anyone wouldn't mind testing the login for any vulnerabilities, I would gladly appreciate it.

http://hrgvirtual.com

Thank you in advance.

waynew Posted August 8, 2008

You could also post the code if you wanted to. We could give you better advice.

darkfreaks Posted August 8, 2008

Input Type Password Autocomplete Enabled

Password type input named pass from unnamed form with action ./process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability
Possible sensitive information disclosure

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

User credentials are sent in clear text

The impact of this vulnerability
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability
Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

GHDB: Apache directory listing which show Apache version

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.

Category: Files containing juicy info

This is a very basic string found on directory listing pages which show the version of the Apache web server. Hackers can use this information to find vulnerable targets without querying the servers.

This vulnerability affects /includes.

Solution
Restrict Includes folder and remove any lines in any files containing phpinfo or version information which hackers can use against you.

darkfreaks Posted August 8, 2008

To prevent Google hacking you can add a robots.txt file that will exclude search robots from accessing the site.
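
The three findings in the scan report above (password autocomplete, credentials posted over plain HTTP, an Apache directory listing that shows the version), as a re-check a site owner can run on their own pages after fixing them. This is an added example, not part of the thread; the function names, the example.test URLs and the Apache/2.2.8 string are constructed for illustration.

```python
# Added example; the HTML samples at the bottom are constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class LoginFormAudit(HTMLParser):
    """Collects findings for password inputs and the form that holds them."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.form, self.findings = page_url, None, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form = a
        elif tag == "input" and a.get("type", "").lower() == "password":
            form = self.form or {}
            # Autocomplete can be switched off on the field or on its form.
            ac = a.get("autocomplete") or form.get("autocomplete", "")
            if ac.lower() != "off":
                self.findings.append("autocomplete-enabled:" + a.get("name", "?"))
            # The browser posts to the action resolved against the page URL.
            target = urljoin(self.page_url, form.get("action", ""))
            if urlparse(target).scheme != "https":
                self.findings.append("cleartext-credentials:" + target)

    def handle_endtag(self, tag):
        if tag == "form":
            self.form = None

def audit_login(page_url, html):
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    return parser.findings

def audit_listing(html):
    """Flags an Apache auto-index page and a version string in its footer."""
    findings = []
    if re.search(r"<title>Index of /", html, re.I):
        findings.append("directory-listing")
    m = re.search(r"<address>(Apache/[\d.]+)", html, re.I)
    if m:
        findings.append("version-disclosed:" + m.group(1))
    return findings

# Constructed samples modelled on the report (field "pass", action ./process.php).
LOGIN = '<form action="./process.php" method="post"><input type="password" name="pass"></form>'
LISTING = "<title>Index of /includes</title><address>Apache/2.2.8 Server at example.test Port 80</address>"
```

Current browsers' password managers generally ignore autocomplete="off" on login fields, so the cleartext-credentials result is the one to clear first.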