Lamez Posted August 19, 2008 Share Posted August 19, 2008 Picture Uploader http://links.krazypicks.com/up.php Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/ Share on other sites More sharing options...
obsidian Posted August 19, 2008 Share Posted August 19, 2008 Picture Uploader http://links.krazypicks.com/up.php Lamez, this is your own site, correct? Just wanted to clarify. Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-620084 Share on other sites More sharing options...
Lamez Posted August 19, 2008 Author Share Posted August 19, 2008 lol ya, links is my link checker for my main site krazypicks, I just am testing my script, because my website will handle money transactions. You can take a look at it, but there is not much there. http://www.krazypicks.com you can see a name at the footer saying it is copyrighted by James Little, if you look in my profile on here I think my name is in it. I also own www.lamezz.com and www.lamezz.info All the footers match! lol I am not trying to get you guys to hack other peoples websites Oh also, you can also do a WhoIs on the domain! Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-620119 Share on other sites More sharing options...
obsidian Posted August 19, 2008 Share Posted August 19, 2008 lol I am not trying to get you guys to hack other peoples websites Oh also, you can also do a WhoIs on the domain! Great! Thanks for the clarification. I was definitely not making any accusations, but without more comment than "hack this", I just wanted to make sure. Good luck! Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-620156 Share on other sites More sharing options...
Lamez Posted August 19, 2008 Author Share Posted August 19, 2008 lol its fine. I just wanna make sure I do not get hacked, and I think it is great there is a forum where I can find my exploits without the worry of being taken over. Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-620167 Share on other sites More sharing options...
corbin Posted August 19, 2008 Share Posted August 19, 2008 I'm feeling too lazy to forge HTTP headers, so I'll just ask: Does your upload form check MIME types or file extensions? Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-620601 Share on other sites More sharing options...
Lamez Posted August 20, 2008 Author Share Posted August 20, 2008 it does check file extensions, but what is MIME or w\e? Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-620876 Share on other sites More sharing options...
Daniel0 Posted August 20, 2008 Share Posted August 20, 2008 Image uploaded successfully. Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: gd-jpeg: JPEG library reports unrecoverable error: in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 67 Warning: imagecreatefromjpeg() [function.imagecreatefromjpeg]: 'user_img/f1b77376e6da9ea8126410f9331886e8-Guest.jpeg' is not a valid JPEG file in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 67 Warning: imagesx(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 68 Warning: imagesy(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 69 Warning: Division by zero in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 75 Warning: imagecreate() [function.imagecreate]: Invalid image dimensions in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 79 Warning: imagetruecolortopalette(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 80 Warning: imagecolorstotal(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 81 Warning: imagecopyresized(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 86 Warning: imagejpeg(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 87 Warning: imagedestroy(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 88 Warning: imagedestroy(): supplied argument is not a valid Image resource in /mounted-storage/home48c/sub007/sc33591-LWQU/link_check/up.php on line 89 Image shirnking successfully done.Guest.jpeg Also, it says "wrong file type" for .jpg Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621202 Share on other sites More sharing options...
darkfreaks Posted August 20, 2008 Share Posted August 20, 2008 HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server. The impact of this vulnerability Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data. How to fix this vulnerability Disable TRACE Method on the web server. File inputs accepted By this form input is possible to upload a file to the server. This vulnerability affects /up.php. The impact of this vulnerability User may upload malicious files to server. How to fix this vulnerability Check if the script inputs are properly validated Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621203 Share on other sites More sharing options...
Daniel0 Posted August 20, 2008 Share Posted August 20, 2008 darkfreaks, do you care to read what you are actually posting? "File inputs accepted"... duh... it's a file uploading script. Obviously you are able to upload files then... Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621209 Share on other sites More sharing options...
darkfreaks Posted August 20, 2008 Share Posted August 20, 2008 actually i do read stuff. there is a potential that the script could be vulnerable to upload attacks. if it does not contain a filter function like to check not only just to allow picture types but also to disallow malicious file types like .exe,.js,.asp, .php and so on. Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621216 Share on other sites More sharing options...
Lamez Posted August 21, 2008 Author Share Posted August 21, 2008 Thanks for the replys, I have made some fixes but you are now required to login go here: http://krazypicks.com user: demo1 pass: demo then go here: http://krazypicks.com/user/avatar_uploader.php -Thanks Guys! Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621641 Share on other sites More sharing options...
darkfreaks Posted August 21, 2008 Share Posted August 21, 2008 Vulnerability description Password type input named pass from form named form1 with action ../main/include/process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache. This vulnerability affects /user/avatar_uploader.php, index.php,user/index.php,/user,support/index.php The impact of this vulnerability Possible sensitive information disclosure How to fix this vulnerability The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off"> Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621648 Share on other sites More sharing options...
Lamez Posted August 21, 2008 Author Share Posted August 21, 2008 so I fixed the autocomplete. Now does the avatar uploaded seem more secure? Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621654 Share on other sites More sharing options...
darkfreaks Posted August 21, 2008 Share Posted August 21, 2008 Actually it does Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621655 Share on other sites More sharing options...
Lamez Posted August 21, 2008 Author Share Posted August 21, 2008 wow thanks :D !! Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621656 Share on other sites More sharing options...
darkfreaks Posted August 21, 2008 Share Posted August 21, 2008 also a quick note but your /user folder is prone to PHPSESSID fixation attacks http://shiflett.org/articles/session-fixation explains on how to minimize the risk of this Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621661 Share on other sites More sharing options...
Daniel0 Posted August 21, 2008 Share Posted August 21, 2008 Vulnerability description Password type input named pass from form named form1 with action ../main/include/process.php has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache. This vulnerability affects /user/avatar_uploader.php, index.php,user/index.php,/user,support/index.php The impact of this vulnerability Possible sensitive information disclosure How to fix this vulnerability The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off"> Your scanner sucks. The autocomplete attribute does not exist in the specification or DTD. http://www.w3.org/TR/html401/interact/forms.html#h-17.4 Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-621763 Share on other sites More sharing options...
darkfreaks Posted August 21, 2008 Share Posted August 21, 2008 Daniel: that is because it is a javascript function. not HTML , please quit saying it sucks that is really immature Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-622033 Share on other sites More sharing options...
Daniel0 Posted August 21, 2008 Share Posted August 21, 2008 No it isn't. It's HTML syntax, not Javascript syntax. Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-622050 Share on other sites More sharing options...
darkfreaks Posted August 21, 2008 Share Posted August 21, 2008 actually your right it is an input in html. but the actual function is javascript, it allows automatic filling of the form in which you can turn it on or off or not have it which it would be on anyway. Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-622061 Share on other sites More sharing options...
Daniel0 Posted August 21, 2008 Share Posted August 21, 2008 What are you talking about? What function? There is no function in that snippet. It's an invalid HTML attribute and it has nothing to do with Javascript whatsoever. The scanner sucks because it suggests people to use invalid markup. Furthermore, how is it immature to say that something sucks based on facts? Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-622066 Share on other sites More sharing options...
darkfreaks Posted August 21, 2008 Share Posted August 21, 2008 nevermind i retract my previous statement < /end > http://www.w3.org/Submission/web-forms2/#the-autocomplete Edit (Daniel0): Recovered stripped content in order to prevent disruption of the conversation. Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-622069 Share on other sites More sharing options...
Daniel0 Posted August 21, 2008 Share Posted August 21, 2008 Again, I would suggest you to read what you post: Publication of this document by W3C indicates no endorsement of its content by W3C' date=' nor that W3C has, is, or will be allocating any resources to the issues addressed by it. This document is not the product of a chartered W3C group, but is published as [i']potential[/i] input to the W3C Process. (my emphasis) Furthermore, if you dump that snippet into the validator then you will see that it's regarded as an invalid attribute. Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-622076 Share on other sites More sharing options...
darkfreaks Posted August 21, 2008 Share Posted August 21, 2008 the statment is retracted. anyway since i no doubted provided the wrong solution thanks to the scanner i am going to change it up to switch off in javascript rather than HTML since its non W3C compliant. <script type="text/javascript"> function init() { if (!document.getElementById) return false; var f = document.getElementById('auto_off'); var u = f.elements[0]; f.setAttribute("autocomplete", "off"); u.focus(); } </script> <body onload='init()'> <form id="auto_off"> hopefully that will turn the function off rather than put it in html where it does not belong. Link to comment https://forums.phpfreaks.com/topic/120354-hack-this/#findComment-622079 Share on other sites More sharing options...
Recommended Posts