metrostars Posted September 16, 2008

Hi. This website is about 80% complete. I'm aware that some pages aren't there. As long as the sub-header appears correctly, then all is well. Register, wait for the admin's approval and basically press every button you can see and every text box you can find. Thanks.

http://www.americanmidwestva.com/beta

Coreye Posted September 16, 2008

Cross Site Scripting(XSS): You can submit ">code when registering and it executes on the 'Roster' page.

Cross Site Scripting(XSS): You can submit ">code when trying to login and it executes on the login page.

SQL Error:
http://www.americanmidwestva.com/beta/index.php?page=viewroute&id=\
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\' LIMIT 0, 1' at line 5

darkfreaks Posted September 20, 2008

Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability

This alert was generated using only banner information. It may be a false positive.

A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.

Affected mod_ssl versions (up to 2.8.17).

This vulnerability affects mod_ssl.

The impact of this vulnerability: Denial of service and/or possible arbitrary code execution.

How to fix this vulnerability: Upgrade mod_ssl to the latest version.

Apache Mod_SSL Log Function Format String Vulnerability

This alert was generated using only banner information. It may be a false positive.

A format string vulnerability has been found in mod_ssl versions older than 2.8.19. Successful exploitation of this issue will most likely allow an attacker to execute arbitrary code on the affected computer.

Affected mod_ssl versions (up to 2.8.18).

This vulnerability affects mod_ssl.

The impact of this vulnerability: Denial of service and/or possible arbitrary code execution.

How to fix this vulnerability: Upgrade mod_ssl to the latest version.

HTTP TRACE method is enabled on this web server.

In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

This vulnerability affects Web Server.

The impact of this vulnerability: Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability: Disable TRACE Method on the web server.

User credentials are sent in clear text

The impact of this vulnerability: A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability: Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

Cross Site Scripting(XSS)

Found in: /beta/ ($page)

Attack: The $_GET variable has been set to 0.

darkfreaks Posted September 20, 2008

Cross Site Scripting(XSS)/SQL Injection

Found in: /beta/index.php

Attack:
$_POST variable $username has been set to '<script>alert('fkfkeflee');</script>'
$_POST variable $username has been set to '+onmouseover=alert('4546545454545');+' , the $_GET variable $id has been set to '\'

How to Fix: strip_tags(), htmlspecialchars(), trim(), mysql_real_escape_string()

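An added example, not code from the site or from any poster in this thread: the XSS findings above (the "> submission that executes on the Roster and login pages, and the $username payloads) come down to echoing a posted or stored value into HTML without encoding it. The render functions and sample strings below are hypothetical and constructed; the middle function shows why strip_tags() on its own leaves the attribute-breakout case open.

```php
<?php
// Constructed inputs modelled on the payload shapes quoted in the thread.
$samples = [
    '"><script>alert(1)</script>',
    '" onmouseover=alert(1) x="',
    'metrostars',
];

// Vulnerable pattern (hypothetical): the value is echoed straight into an
// attribute and into element text, so a quote ends the attribute early.
function render_unsafe(string $username): string
{
    return '<input name="username" value="' . $username . '">'
         . '<td>' . $username . '</td>';
}

// strip_tags() removes the <script> tags but leaves quotes untouched, so an
// injected event-handler attribute still lands inside the <input> tag.
function render_strip_only(string $username): string
{
    return '<input name="username" value="' . strip_tags($username) . '">';
}

// Output encoding for HTML text and quoted attributes: & < > " ' all become
// entities, so the value can no longer change the markup structure.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened: encode at the point of output, every time the value is printed.
function render_safe(string $username): string
{
    return '<input name="username" value="' . e($username) . '">'
         . '<td>' . e($username) . '</td>';
}

foreach ($samples as $s) {
    echo 'input : ', $s, "\n";
    echo 'unsafe: ', render_unsafe($s), "\n";
    echo 'strip : ', render_strip_only($s), "\n";
    echo 'safe  : ', render_safe($s), "\n\n";
}
```

Encoding belongs where the value is written into the page, because the Roster finding shows the same stored username being rendered on a different page from the one that accepted it.
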
darkfreaks Posted September 20, 2008

Blind XPATH SQL Injection

Found in: /beta/index.php

Attack: the $_GET variable $id is vulnerable, the $_POST variable $pwd is vulnerable, the $_POST variable $action is vulnerable, the $_POST variable $username is vulnerable

How to Fix: strip_tags, trim(), htmlspecialchars(), mysql_real_escape_string()

Source code disclosure

Impact of Vulnerability: User can gather sensitive information such as database connection queries, application logic by analyzing the source of this code. This information can be used to conduct an attack.

Found in: /~admin/galeria/themes/matrix/theme.inc.

Attack:

<?php
/*
 * Gallery - a web based photo album viewer and editor
 * Copyright (C) 2000-2007 Bharat Mediratta
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or (at
 * your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
 */

/**
 * Standard gallery theme
 * @package Themes
 * @subpackage Matrix
 * @author Bharat Mediratta <bharat@menalto.com>
 * @version $Revision: 16034 $
 */
class MatrixTheme extends GalleryTheme {

    function MatrixTheme() {
        global $gallery;

        $this->setId('matrix');
        $this->setName($gallery->i18n('Matrix'));
        $this->setDescription($gallery->i18n('Standard Gallery2 look and feel'));
        $this->setVersion('1.1.4');
        $this->setRequiredCoreApi(array(7, 10));
        $this->setRequiredThemeApi(array(2, 4));
        $this->setStandardSettings(
            array('rows' => 3, 'columns' => 3,
                  'showImageOwner' => 0, 'showAlbumOwner' => 1,
                  'albumFrame' => '', 'itemFrame' => '', 'photoFrame' => '',
                  'colorpack' => '', 'showMicroThumbs' => 0, 'dynamicLinks' => 'browse',
                  'sidebarBlocks' => serialize(array(
                      array('search.SearchBlock', array('showAdvancedLink' => true)),
                      array('core.ItemLinks', array('useDropdown' => false)),
                      array('core.PeerList', array()),
                      array('imageblock.ImageBlock', array()))),
                  'albumBlocks' => serialize(array(
                      array('comment.ViewComments', array()))),
                  'photoBlocks' => serialize(array(
                      array('exif.ExifInfo', array()),
                      array('comment.ViewComments', array())))));
    }

    /**
     * @see GalleryTheme::showAlbumPage
     */
    function showAlbumPage(&$template, $item, $params, $childIds) {
        $ret = $this->loadCommonTemplateData(
            $template, $item, $params,
            array('owner', 'viewCount', 'childCount', 'descendentCount', 'parents',
                  'systemLinks', 'itemLinks', 'itemSummaries', 'permissions',
                  'thumbnails', 'pageNavigator', 'jumpRange'),
            $childIds);
        if ($ret) {
            return array($ret, null);
        }

        /* Add in our extra stuff */
        $theme =& $template->getVariableByReference('theme');
        $theme['columnWidthPct'] = floor(100 / $params['columns']);

        /* Add our header and styles */
        return array(null, 'theme.tpl');
    }

    /**
     * @see GalleryTheme::showPhotoPage
     */
    function showPhotoPage(&$template, $item, $params) {
        $dataTypes = array('owner', 'parents', 'systemLinks', 'itemLinks', 'permissions',
                           'itemLinksDetailed', 'itemNavigator', 'imageViews');
        if (!empty($params['showMicroThumbs'])) {
            $dataTypes[] = 'navThumbnails';
        }
        $ret = $this->loadCommonTemplateData($template, $item, $params, $dataTypes);
        if ($ret) {
            return array($ret, null);
        }

        return array(null, 'theme.tpl');
    }

    /**
     * @see GalleryTheme::showModulePage
     */
    function showModulePage(&$template, $item, $params, $templateFile) {
        $ret = $this->loadCommonTemplateData(
            $template, $item, $params, array('parents', 'systemLinks'));
        if ($ret) {
            return array($ret, null);
        }

        return array(null, 'theme.tpl');
    }

    /**
     * @see GalleryTheme::showAdminPage
     */
    function showAdminPage(&$template, $item, $params, $templateFile) {
        $ret = $this->loadCommonTemplateData(
            $template, $item, $params, array('parents', 'systemLinks'));
        if ($ret) {
            return array($ret, null);
        }

        return array(null, 'theme.tpl');
    }

    /**
     * @see GalleryTheme::showErrorPage
     */
    function showErrorPage(&$template) {
        return array(null, 'error.tpl');
    }

    /**
     * @see GalleryTheme::showProgressBarPage
     */
    function showProgressBarPage(&$template, $item, $params) {
        $ret = $this->loadCommonTemplateData(
            $template, $item, $params, array('parents', 'systemLinks'));
        if ($ret) {
            return array($ret, null);
        }

        return array(null, 'theme.tpl');
    }
}
?>

How to Fix: Restrict the file or remove from production.

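An added example, not the site's code: the id=\ error and the $id findings reported in this thread point to a request parameter pasted between quotes in a SQL string. The sketch shows that pattern beside an integer check plus a PDO bound parameter, used here instead of the mysql_real_escape_string() the posts name because the mysql_* extension was removed in PHP 7. The routes table, the function names and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Hypothetical schema; SQLite in memory replaces the site's MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE routes (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO routes (id, name) VALUES (1, 'Constructed route A')");

// Vulnerable pattern: the raw parameter is concatenated between quotes.
// With id=\ MySQL reads \' as an escaped quote, the string literal never
// ends, and the server returns a syntax error like the one quoted above.
function build_unsafe_query(string $id): string
{
    return "SELECT name FROM routes WHERE id = '" . $id . "' LIMIT 0, 1";
}

// Hardened lookup: accept only a positive integer, then bind it as a
// parameter so the value is never parsed as part of the SQL text.
function find_route(PDO $pdo, string $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // malformed id: caller answers 400/404, no query is run
    }
    $stmt = $pdo->prepare('SELECT name FROM routes WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

// Constructed inputs: a valid id, the backslash from the report, a
// non-numeric value, and an id with no matching row.
foreach (['1', '\\', 'abc', '2'] as $raw) {
    echo 'raw id : ', $raw, "\n";
    echo 'unsafe : ', build_unsafe_query($raw), "\n";
    echo 'lookup : ', var_export(find_route($pdo, $raw), true), "\n\n";
}
```

Database exceptions should be caught and logged server-side rather than printed, since the raw MySQL error in the report reveals the query's structure to the visitor.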