Supah Fly Posted August 27, 2008 Share Posted August 27, 2008 This is my website, its sorta still in development but it is complete. So far it only supports image uploading. When a user uploads a file it compares its extension to a list of allowed extensions, then after it does that it checks its mime type, if it is allowed it will be uploaded. I have something that displays the image, which it checks the extension and the mime type before it is outputted. I would do .htaccess but I don't know anything about it. Try to learn RewriteRules The website is http://www.ng2b.com or http://www.transferget.com whichever you like best it doesn't matter. Please post any vulnerabilities in the script and I'll be sure to patch them up asap. This script does not currently use any kind of databases. I'm not the best graphics designer either so sorry D: Link to comment Share on other sites More sharing options...
darkfreaks Posted August 27, 2008 Share Posted August 27, 2008 Vulnerability description By this form input is possible to upload a file to the server. This vulnerability affects /upload.php. The impact of this vulnerability User may upload malicious files to server. How to fix this vulnerability Check if the script inputs are properly validated. Link to comment Share on other sites More sharing options...
Supah Fly Posted August 27, 2008 Author Share Posted August 27, 2008 Vulnerability description By this form input is possible to upload a file to the server. This vulnerability affects /upload.php. The impact of this vulnerability User may upload malicious files to server. How to fix this vulnerability Check if the script inputs are properly validated. -.- When a user uploads a file it compares its extension to a list of allowed extensions, then after it does that it checks its mime type, if it is allowed it will be uploaded. I have something that displays the image, which it checks the extension and the mime type before it is outputted. I would do .htaccess but I don't know anything about it. Try to learn RewriteRules Link to comment Share on other sites More sharing options...
darkfreaks Posted August 27, 2008 Share Posted August 27, 2008 also check for filetypes like filename.test.php anything with a double extension Link to comment Share on other sites More sharing options...
Supah Fly Posted August 27, 2008 Author Share Posted August 27, 2008 also check for filetypes like filename.test.php anything with a double extension mime types stay the same if the extension isnt allowed, and the mime type is, vise-versa, it still wont allow it to be saved. Link to comment Share on other sites More sharing options...
darkfreaks Posted August 27, 2008 Share Posted August 27, 2008 http://www.linuxquestions.org/questions/bsd-17/apache-modrewrite-tracetrack-woes-422068/ this should solve the HTTP Trace problem. hopefully you understand it more than i do :-X Link to comment Share on other sites More sharing options...
darkfreaks Posted August 27, 2008 Share Posted August 27, 2008 GHDB: Possible server upload portal The description for this alert is contributed by the GHDB community, it may contain inappropriate language. Category : Sensitive Directories The search reveals server upload portals. An attacker can use server space for his own benefit. This vulnerability affects /upload.php. Attack details We found intitle:upload inurl:upload intext:upload -forum -shop -support -w3c Link to comment Share on other sites More sharing options...
Supah Fly Posted August 27, 2008 Author Share Posted August 27, 2008 http://www.linuxquestions.org/questions/bsd-17/apache-modrewrite-tracetrack-woes-422068/ this should solve the HTTP Trace problem. hopefully you understand it more than i do :-X Apache version: 1.3.41 (Unix) [This is my Apache, versus (below)] I'd like to disable Trace/ Track on apache 1.3.29. Googling on how to do that turns out a lot of results like These are different versions. Also HTTP Tracing = What? Link to comment Share on other sites More sharing options...
darkfreaks Posted August 27, 2008 Share Posted August 27, 2008 it allows someone to use HTTPS trace to run harmful scripts. turning them off makes your script/server more secure Link to comment Share on other sites More sharing options...
Supah Fly Posted August 27, 2008 Author Share Posted August 27, 2008 it allows someone to use HTTPS trace to run harmful scripts. turning them off makes your script/server more secure Why would one want to run it in the first place? Will anything be different if I turn it off? Link to comment Share on other sites More sharing options...
darkfreaks Posted August 27, 2008 Share Posted August 27, 2008 to hack your site? you would have to go into the surver into Apache and turn off trace method Link to comment Share on other sites More sharing options...
xylex Posted October 3, 2008 Share Posted October 3, 2008 You're vulnerable to sql injection at http://www.ng2b.com/document.php?doc=1%20UNION%20SELECT%201,2,3,4 Escaping unquoted values doesn't provide any protection. Link to comment Share on other sites More sharing options...
Supah Fly Posted October 5, 2008 Author Share Posted October 5, 2008 What about now? Link to comment Share on other sites More sharing options...
darkfreaks Posted October 5, 2008 Share Posted October 5, 2008 Trace/Track Method enabled Solution: in a .htaccess file write: RewriteEngine on # Optional debug directives #RewriteLog logs/mod_rewrite.log #RewriteLogLeve 1 # Block TRACK and TRACE methods ReWriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) ReWriteRule .* - [F] Link to comment Share on other sites More sharing options...
darkfreaks Posted October 12, 2008 Share Posted October 12, 2008 XSS me says your good Link to comment Share on other sites More sharing options...
Recommended Posts