
login and reg system


sstangle73


. . . but what I did just find out is that it always fails on IE . . . greattt! Haha, I'll be looking into that.

Yeah, that is what I was talking about and am looking into currently. Thanks.

I am a little stumped at this point. Started a help topic:

http://www.phpfreaks.com/forums/index.php/topic,211708.0.html

Link to comment
https://forums.phpfreaks.com/topic/119434-login-and-reg-system/#findComment-615452
Share on other sites

Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1

This version of Apache is vulnerable to HTML injection (including malicious JavaScript code) through the "Expect" header. Until now it was not classed as a security vulnerability, as an attacker has no way to influence the Expect header a victim will send to a target site. However, according to Amit Klein's paper "Forging HTTP request headers with Flash", there is a working cross-site scripting (XSS) attack against Apache 1.3.34, 2.0.57 and 2.2.1 (as long as the client browser is IE or Firefox, and it supports Flash 6/7+). Affected Apache versions (up to 1.3.34/2.0.57/2.2.1). This vulnerability affects Web Server.

The impact of this vulnerability

Malicious users may inject JavaScript, not allowed, ActiveX, HTML or Flash to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

How to fix this vulnerability

Upgrade to the latest Apache versions. This flaw has been corrected in Apache versions (1.3.35/2.0.58/2.2.2)

Input Type Password Autocomplete Enabled

Password type input has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off">

 

 

User credentials are sent in clear text

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability

Because user credentials are usually considered sensitive information, it is recommended that they be sent to the server over an encrypted connection.

 

 

 

Apache Mod_Rewrite Off-By-One

This alert was generated using only banner information. It may be a false positive.

Apache mod_rewrite is prone to an off-by-one buffer-overflow condition. The vulnerability arising in the mod_rewrite module's ldap scheme handling allows for potential memory corruption when an attacker exploits certain rewrite rules.

Affected Apache versions:

Apache 1.3.28 - 1.3.36 with mod_rewrite
Apache 2.2.0 - 2.2.2 with mod_rewrite
Apache 2.0.46 - 2.0.58 with mod_rewrite

The impact of this vulnerability

An attacker may exploit this issue to trigger a denial-of-service condition. Reportedly, arbitrary code execution may also be possible.

How to fix this vulnerability

Upgrade Apache to the latest version.

Link to comment
https://forums.phpfreaks.com/topic/119434-login-and-reg-system/#findComment-620371
Share on other sites

I managed to sign up the username 'testaccount' again (twice).

 

You'll notice now if you try logging in with the username 'testaccount' and password 'sj2383mds' or 'testtest' it will still log in.

 

I'm no expert on the matter, but this was achieved through MySQL truncation. I signed up with the username:

 

testaccount                                                                                    x

 

(going over the maximum allowed limit in the database)

 

So when it checks if the username already exists, it doesn't (since it has the x on the end), but in the database it will still be 'testaccount' without the x since it went over the limit. The error did come up saying I was using too many characters, but it still let me submit and processed it anyway.

 

Make sure you don't let people enter any more than 50 in the input area, and also check the input in PHP before inserting rather than just with Ajax.

 

 

Link to comment
https://forums.phpfreaks.com/topic/119434-login-and-reg-system/#findComment-621861
Share on other sites
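
The truncation problem described in the post above, with the server-side check it recommends, as an added example that is not the poster's or the site's code. It models the database in plain PHP under two assumptions: MySQL is in non-strict SQL mode (over-length values are cut to the column width) and the column uses a PAD SPACE collation (trailing spaces are ignored in comparisons). All function names are hypothetical.

```php
<?php
// Added example, not the site's code. The 50-character limit comes from the
// post above; every function name here is hypothetical.
const USERNAME_MAX = 50;

// Model of a non-strict MySQL INSERT into a 50-character column:
// anything past the limit is silently dropped (ASCII input assumed).
function stored_value(string $input): string
{
    return substr($input, 0, USERNAME_MAX);
}

// Model of a PAD SPACE collation: trailing spaces are ignored when comparing.
function mysql_equal(string $a, string $b): bool
{
    return rtrim($a, ' ') === rtrim($b, ' ');
}

// Server-side check, run before the duplicate lookup and the INSERT.
// Returns null when the name is acceptable, otherwise the reason it is not.
function validate_username(string $input): ?string
{
    if ($input !== trim($input)) {
        return 'leading or trailing whitespace';
    }
    if (strlen($input) < 1 || strlen($input) > USERNAME_MAX) {
        return 'length must be 1 to ' . USERNAME_MAX . ' characters';
    }
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $input)) {
        return 'only letters, digits and underscore are allowed';
    }
    return null;
}

$existing = 'testaccount';
$padded   = 'testaccount' . str_repeat(' ', 60) . 'x'; // constructed sample input

// What the "username taken?" lookup sees versus what ends up in the column.
printf("lookup on full input matches existing: %s\n",
    var_export(mysql_equal($padded, $existing), true));
printf("stored value matches existing:         %s\n",
    var_export(mysql_equal(stored_value($padded), $existing), true));

// The same input through the server-side check, next to a normal name.
foreach ([$padded, $existing] as $name) {
    printf("validate(%d chars): %s\n", strlen($name),
        validate_username($name) ?? 'ok');
}
```

A UNIQUE index on the username column and the STRICT_TRANS_TABLES SQL mode make the database itself reject the duplicate or over-length row if the PHP check is ever bypassed.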

Archived

This topic is now archived and is closed to further replies.
