
club-nex.com beta testing. Your feedback is appreciated.


chinamannnz

Poll: does the website tell you what it does on a first glance?

3 members have voted

  • I totally got what the website does: 0
  • not a single clue: 0
  • eh...just a little: 3



User credentials are sent in clear text

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability

Because user credentials are usually considered sensitive information, it is recommended that they be sent to the server over an encrypted connection.

Input Type Password Autocomplete Enabled

Password type input named pass from unnamed form with action has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off">


This script is possibly vulnerable to Cross Site Scripting (XSS) attacks and SQL Injection attacks.

Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.

The impact of this vulnerability

Malicious users may inject JavaScript, not allowed, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

How to fix this vulnerability

Your script should filter metacharacters from user input, i.e. strip_tags, htmlentities, mysql_real_escape_string, trim.

HTTP TRACE method is enabled on this web server.

In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability

Disable TRACE Method on the web server.

HTTP TRACK method is enabled on this web server.

In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACK method. This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACK functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability

Disable TRACK Method on the web server.

Cookie manipulation

This script is vulnerable to Cookie manipulation attacks.

By injecting a custom HTTP header or by injecting a META tag, it is possible to alter the cookies stored in the browser. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.

This vulnerability affects /search/.

The impact of this vulnerability

By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

Attack details

The GET variable q has been set to <meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>.

How to fix this vulnerability

You need to filter the output in order to prevent the injection of custom HTTP headers or META tags. Additionally, with each login the application should provide a new session ID to the user.

Backup files

A possible backup file has been found on your webserver. These files are usually created by developers to backup their work.

This vulnerability affects /account/register.old.

The impact of this vulnerability

Backup files can contain script sources, configuration files or other sensitive information that may help a malicious user to prepare more advanced attacks.

How to fix this vulnerability

Remove the file(s) if they are not required on your website. As an additional step, it is recommended to implement a security policy within your organization to disallow creation of backup files in directories accessible from the web.


Cross Site Scripting:

http://club-nex.com/search/?q="><marquee><h1>Corey

Full Path Disclosure:

http://club-nex.com/utility

Fatal error: Uncaught exception 'Zend_Controller_Action_Exception' with message 'Action "index" does not exist and was not trapped in __call()' in /home/nzha/club-nex.com/html/include/Zend/Controller/Action.php:477 Stack trace: #0 /home/nzha/club-nex.com/html/include/Zend/Controller/Action.php(504): Zend_Controller_Action->__call('indexAction', Array) #1 /home/nzha/club-nex.com/html/include/Zend/Controller/Dispatcher/Standard.php(293): Zend_Controller_Action->dispatch('indexAction') #2 /home/nzha/club-nex.com/html/include/Zend/Controller/Front.php(914): Zend_Controller_Dispatcher_Standard->dispatch(Object(Zend_Controller_Request_Http), Object(Zend_Controller_Response_Http)) #3 /home/nzha/club-nex.com/html/index.php(237): Zend_Controller_Front->dispatch() #4 {main} thrown in /home/nzha/club-nex.com/html/include/Zend/Controller/Action.php on line 477

Full Path Disclosure:

http://club-nex.com/include/Zend/Controller/Dispatcher/hjkhkajhajkh

Fatal error: Uncaught exception 'Zend_Controller_Dispatcher_Exception' with message 'Invalid controller specified (include)' in /home/nzha/club-nex.com/html/include/Zend/Controller/Dispatcher/Standard.php:249 Stack trace: #0 /home/nzha/club-nex.com/html/include/Zend/Controller/Front.php(914): Zend_Controller_Dispatcher_Standard->dispatch(Object(Zend_Controller_Request_Http), Object(Zend_Controller_Response_Http)) #1 /home/nzha/club-nex.com/html/index.php(237): Zend_Controller_Front->dispatch() #2 {main} thrown in /home/nzha/club-nex.com/html/include/Zend/Controller/Dispatcher/Standard.php on line 249
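An added example, not code from club-nex.com or from any of the posts in this thread, showing the fix that both the cookie manipulation finding and the XSS report for /search/ point at: HTML-escaping the reflected q parameter so the marquee payload and the META Set-cookie payload render as plain text. The search page template and the function names are assumptions.

```javascript
// Added example (not club-nex.com code): escape the reflected search term so the
// two payloads reported for /search/ become inert text instead of markup.

// Escape the characters that can break out of HTML text or attribute context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Assumed search page template: q is reflected inside an attribute value and in
// page text, which is where the "> breakout and the META tag injection land.
function renderSearchPageUnsafe(q) {
  return `<input type="text" name="q" value="${q}">\n<p>Results for: ${q}</p>`;
}

function renderSearchPage(q) {
  const safe = escapeHtml(q);
  return `<input type="text" name="q" value="${safe}">\n<p>Results for: ${safe}</p>`;
}

// Defender-side check: strip the template's own two tags and see whether any
// other tag survived in the rendered output.
function containsInjectedMarkup(html) {
  const withoutTemplate = html.replace(/<input [^>]*>|<\/?p>/g, "");
  return /<[a-zA-Z!\/]/.test(withoutTemplate);
}

// Constructed payloads, modelled on the two reported in the thread.
const XSS_PAYLOAD = '"><marquee><h1>Corey';
const COOKIE_PAYLOAD =
  "<meta http-equiv='Set-cookie' content='cookiename=cookievalue'>";

// Compare the vulnerable and the hardened rendering for one payload.
function compare(payload) {
  return {
    unsafeInjected: containsInjectedMarkup(renderSearchPageUnsafe(payload)),
    safeInjected: containsInjectedMarkup(renderSearchPage(payload)),
  };
}
```

The same escaping belongs on every reflected value, including the PHP_SELF / REQUEST_URI variants described further down the thread; a template that escapes by default removes the need to remember it per field.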

now that your XSS is fixed you might want to consider the autocomplete exploit that was listed above. ;)

was found in the following places in your script:

/account

/account/login

/affiliationmanager

/checkout

/affiliationmanager/uofmballroom

/affiliationmanager/uofmballroom/request


BLIND XPATH SQL Injection

Location: account/login

Cross Site Scripting in URI Security Vulnerability

This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.

Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.

This XSS variant usually appears when a PHP script is using one of the following variables without filtering them:

    * PHP_SELF
    * REQUEST_URI
    * SCRIPT_URL
    * SCRIPT_URI

Those variables are set either by Apache or the PHP engine. Apache automatically ignores anything in the URI after the .php extension when mapping the script filename, but these variables contain the full URI.

Impact

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
