Brand new CMS (MyHTML) needs testers

alex705 · September 4, 2008

Hey guys, I've just finished developing the first version of my CMS "MyHTML". I have a built the site www.rabbitcoder.com using this CMS and I would be very happy if some of you could test this site for me .

The source of the CMS "MyHTML" is not available yet, but will be released on www.rabbitcoder.com soon. The special thing about MyHTML is that MyHTML is the first "script based" CMS ever.

Links:

www.rabbitcoder.com - Rabbitcoder.com - my webdev site based on MyHTML

http://www.rabbitcoder.com/myhtml.htm - Details to what MyHTML is

http://www.rabbitcoder.com/myhtml_articles_a%20script%20based%20cms.html - Details how MyHTML works and what a script based CMS is.

Thank you!

darkfreaks · September 5, 2008

Input Type Password Autocomplete Enabled

Password type input named pass from unnamed form with action has autocomplete enabled. An attacker with local access could obtain the cleartext password from the browser cache.

The impact of this vulnerability

Possible sensitive information disclosure

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to < INPUT TYPE="password" AUTOCOMPLETE="off" >

User credentials are sent in clear text

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

Hinty · September 5, 2008

thats not really a vulnerability tho

angelfashion · September 8, 2008

thanks 4 sharing

JonnoTheDev · September 8, 2008

The URLS generated aren't SEO friendly:

http://www.rabbitcoder.com/web%20development_articles

darkfreaks · October 13, 2008

SQL Injection