apw Posted August 12, 2008
I'm looking for testers to give me feedback on my social-community website. The source used is GPL; however, I've been working to fix bugs, clean up code, add new features, as well as give the site a more personal touch. Please try out everything and either post comments and suggestions here or on the built-in forums on the website. Thanks in advance. http://social.lmninfo.com
darkfreaks Posted August 12, 2008
Input Type Password Autocomplete Enabled
Password type input named pass from unnamed form with action has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.
The impact of this vulnerability: Possible sensitive information disclosure
How to fix this vulnerability: The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to:
    <INPUT TYPE="password" AUTOCOMPLETE="off">
apw Posted August 12, 2008
Thanks, I'm impressed that only one moderate risk was found and I'm working to correct the problem! Thanks again.
darkfreaks Posted August 12, 2008
Oh no, I'm still scanning; it keeps freezing on me. It will sit there and crawl for a half hour, which isn't right lmao
apw Posted August 12, 2008
Could my website be the cause of your slow scan??
darkfreaks Posted August 12, 2008
Nah, prolly because of the number of those errors above it is finding.
darkfreaks Posted August 12, 2008
Make sure you apply that fix to index.php, board.php, chat.php, join.php, events.php / /templates/base/login_form_ajax_a.html /admin/index.php
darkfreaks Posted August 13, 2008
Other files affected by this exploit: story.php,
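
An added example, not part of the thread or of the site's code: a small Python check for the fix quoted in the scan report, flagging password inputs that do not end up with autocomplete="off" (set on the field itself or inherited from its form). The sample markup and file names are constructed for illustration.

```python
from html.parser import HTMLParser


class PasswordAutocompleteAudit(HTMLParser):
    """Collect password inputs that do not end up with autocomplete="off"."""

    def __init__(self):
        super().__init__()
        self.form_off = False  # does the enclosing <form> set autocomplete="off"?
        self.findings = []     # (line number, field name) per flagged input

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # tag and attribute names arrive lower-cased
        val = lambda k: (a.get(k) or "").strip().lower()
        if tag == "form":
            self.form_off = val("autocomplete") == "off"
        elif tag == "input" and val("type") == "password":
            # The field's own attribute wins; otherwise it inherits the form's.
            off = val("autocomplete") == "off" if "autocomplete" in a else self.form_off
            if not off:
                self.findings.append((self.getpos()[0], a.get("name") or ""))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_off = False


def audit(html):
    """Return [(line, name), ...] for password inputs still open to autocomplete."""
    parser = PasswordAutocompleteAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample templates (not the site's real files).
SAMPLES = {
    "sample_login.html": '<form action="login.php" method="post">\n'
                         '<input type="text" name="user">\n'
                         '<input type="password" name="pass">\n</form>',
    "sample_fixed.html": '<form action="login.php" method="post">\n'
                         '<INPUT TYPE="password" NAME="pass" AUTOCOMPLETE="off">\n</form>',
    "sample_form_level.html": '<form autocomplete="off">\n'
                              '<input type="password" name="pass">\n'
                              '<input type="password" name="pass2" autocomplete="on">\n</form>',
}

if __name__ == "__main__":
    for name, html in SAMPLES.items():
        for line, field in audit(html):
            print(f"{name}:{line}: password input '{field}' allows autocomplete")
```

Current browsers' password managers often ignore autocomplete="off" on login fields, so a clean result here means the markup follows the scanner's recommendation, not that no browser will store the password.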