Jump to content

Recommended Posts

I have just made a internal link checker, and I do not think there is much you can do with it, but please see what you can do.

 

 

Here is a link: http://links.krazypicks.com/?url=google.com

 

at the end where it says ?url=google.com, you can change it to yahoo.com and it will check yahoo.com.

 

Thanks Guys! :D

 

Also take a look at http://krazypicks.com/register.php

 

Link to comment
https://forums.phpfreaks.com/topic/120211-hack-this-internal-link-checker/
Share on other sites

Input Type Password Autocomplete Enabled

Password type input named pass from unnamed form  has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: < INPUT TYPE="password" AUTOCOMPLETE="off" >

 

 

HTTP TRACE method is enabled on this web server.

In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability

Disable TRACE Method on the web server.

 

 

User credentials are sent in clear text

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

This script is vulnerable to PHPSESSID session fixation attacks.

By injecting a custom PHPSESSID is possible to alter the PHP session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.

The impact of this vulnerability

By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

How to fix this vulnerability

Set session.use_only_cookies = 1 from php.ini. This option enables administrators to make their users invulnerable to attacks which involve passing session ids in URLs; defaults to 0.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.