
Website Test Needed


metrostars


Cross Site Scripting(XSS):

You can submit ">code when registering and it executes on the 'Roster' page.

 

Cross Site Scripting(XSS):

You can submit ">code when trying to login and it executes on the login page.

 

SQL Error:

http://www.americanmidwestva.com/beta/index.php?page=viewroute&id=\

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''\' LIMIT 0, 1' at line 5

Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability

This alert was generated using only banner information. It may be a false positive. A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures. Affected mod_ssl versions (up to 2.8.17). This vulnerability affects mod_ssl.

The impact of this vulnerability

Denial of service and/or possible arbitrary code execution.

How to fix this vulnerability

Upgrade mod_ssl to the latest version

 

Apache Mod_SSL Log Function Format String Vulnerability

This alert was generated using only banner information. It may be a false positive. A format string vulnerability has been found in mod_ssl versions older than 2.8.19. Successful exploitation of this issue will most likely allow an attacker to execute arbitrary code on the affected computer. Affected mod_ssl versions (up to 2.8.18).

This vulnerability affects mod_ssl.

The impact of this vulnerability

Denial of service and/or possible arbitrary code execution.

How to fix this vulnerability

Upgrade mod_ssl to the latest version.

HTTP TRACE method is enabled on this web server.

In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server.

The impact of this vulnerability

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

How to fix this vulnerability

Disable TRACE Method on the web server.

 

User credentials are sent in clear text

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

How to fix this vulnerability

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

Cross Site Scripting(XSS)

Found in: /beta/ ($page)

Attack: The $_GET variable has been set to 0.

 

 

 

 

 


Cross Site Scripting(XSS)/SQL Injection

Found in: /beta/index.php

 

Attack: $_POST variable $username has been set to '<script>alert('fkfkeflee');</script>' $_POST variable $username  has been set to '+onmouseover=alert('4546545454545');+' , the $_GET variable $id has been set to '\'

 

How to Fix: strip_tags(), htmlspecialchars(), trim(), mysql_real_escape_string()

 

 


Blind XPATH SQL Injection

 

Found in: /beta/index.php

 

Attack: the $_GET variable $id is vulnerable, the $_POST variable $pwd is vulnerable, the $_POST variable $action is vulnerable, the $_POST variable $username is vulnerable

 

 

How to Fix: strip_tags(), trim(), htmlspecialchars(), mysql_real_escape_string()

 

 

Source code disclosure

 

Impact of Vulnerability: A user can gather sensitive information, such as database connection queries and application logic, by analyzing the source of this code. This information can be used to conduct an attack.

Found in:

/~admin/galeria/themes/matrix/theme.inc.

 

Attack:

<?php
/*
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2007 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
*/

/**
* Standard gallery theme
* @package Themes
* @subpackage Matrix
* @author Bharat Mediratta <bharat@menalto.com>
* @version $Revision: 16034 $
*/
class MatrixTheme extends GalleryTheme {

    function MatrixTheme() {
global $gallery;

$this->setId('matrix');
$this->setName($gallery->i18n('Matrix'));
$this->setDescription($gallery->i18n('Standard Gallery2 look and feel'));
$this->setVersion('1.1.4');
$this->setRequiredCoreApi(array(7, 10));
$this->setRequiredThemeApi(array(2, 4));
$this->setStandardSettings(
    array('rows' => 3, 'columns' => 3,
	  'showImageOwner' => 0, 'showAlbumOwner' => 1,
	  'albumFrame' => '', 'itemFrame' => '', 'photoFrame' => '',
	  'colorpack' => '', 'showMicroThumbs' => 0, 'dynamicLinks' => 'browse',
	  'sidebarBlocks' => serialize(array(
		array('search.SearchBlock', array('showAdvancedLink' => true)),
		array('core.ItemLinks', array('useDropdown' => false)),
		array('core.PeerList', array()),
		array('imageblock.ImageBlock', array()))),
	  'albumBlocks' => serialize(array(
		array('comment.ViewComments', array()))),
	  'photoBlocks' => serialize(array(
		array('exif.ExifInfo', array()),
		array('comment.ViewComments', array())))));
    }

    /**
     * @see GalleryTheme::showAlbumPage
     */
    function showAlbumPage(&$template, $item, $params, $childIds) {
$ret = $this->loadCommonTemplateData(
    $template, $item, $params,
    array('owner', 'viewCount', 'childCount', 'descendentCount', 'parents',
	  'systemLinks', 'itemLinks', 'itemSummaries', 'permissions',
	  'thumbnails', 'pageNavigator', 'jumpRange'),
     $childIds);
if ($ret) {
    return array($ret, null);
}

/* Add in our extra stuff */
$theme =& $template->getVariableByReference('theme');
$theme['columnWidthPct'] = floor(100 / $params['columns']);

/* Add our header and styles */
return array(null, 'theme.tpl');
    }

    /**
     * @see GalleryTheme::showPhotoPage
     */
    function showPhotoPage(&$template, $item, $params) {
$dataTypes = array('owner', 'parents', 'systemLinks', 'itemLinks', 'permissions',
		   'itemLinksDetailed', 'itemNavigator', 'imageViews');
if (!empty($params['showMicroThumbs'])) {
    $dataTypes[] = 'navThumbnails';
}
$ret = $this->loadCommonTemplateData($template, $item, $params, $dataTypes);
if ($ret) {
    return array($ret, null);
}

return array(null, 'theme.tpl');
    }

    /**
     * @see GalleryTheme::showModulePage
     */
    function showModulePage(&$template, $item, $params, $templateFile) {
$ret = $this->loadCommonTemplateData(
    $template, $item, $params, array('parents', 'systemLinks'));
if ($ret) {
    return array($ret, null);
}

return array(null, 'theme.tpl');
    }

    /**
     * @see GalleryTheme::showAdminPage
     */
    function showAdminPage(&$template, $item, $params, $templateFile) {
$ret = $this->loadCommonTemplateData(
    $template, $item, $params, array('parents', 'systemLinks'));
if ($ret) {
    return array($ret, null);
}

return array(null, 'theme.tpl');
    }

    /**
     * @see GalleryTheme::showErrorPage
     */
    function showErrorPage(&$template) {
return array(null, 'error.tpl');
    }

    /**
     * @see GalleryTheme::showProgressBarPage
     */
    function showProgressBarPage(&$template, $item, $params) {
$ret = $this->loadCommonTemplateData(
    $template, $item, $params, array('parents', 'systemLinks'));
if ($ret) {
    return array($ret, null);
}

return array(null, 'theme.tpl');
    }
}
?>

 

How to Fix:

Restrict the file or remove from production.

 

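The two "How to Fix" lists above name strip_tags(), trim(), htmlspecialchars() and mysql_real_escape_string(). As an added example (not code from the site or from any poster in this thread), the PHP below handles the reported `id` parameter with integer validation and a bound PDO parameter, used here in place of mysql_real_escape_string(), which was removed in PHP 7, and encodes the reported `username` values with htmlspecialchars() on output. The `routes` table, the function names and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the site's code: table, column and function names are
// hypothetical, and in-memory SQLite stands in for MySQL so it runs offline.

function e(string $s): string {
    // Encode for HTML text and quoted attributes; ENT_QUOTES covers ' as well as ".
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function findRoute(PDO $db, $rawId): ?array {
    // Validate first: id must be a positive integer, so "\" and "'" never reach SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bind the value; it is sent as data and never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM routes WHERE id = :id LIMIT 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
// Throw on database errors so they can be logged instead of echoed to the visitor.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE routes (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO routes (id, name) VALUES (1, 'Constructed route')");

// Constructed id values, including the backslash reported for viewroute.
foreach (['1', '\\', "'", '1 OR 1=1'] as $rawId) {
    $route = findRoute($db, $rawId);
    echo e($rawId), ' => ', $route !== null ? e($route['name']) : 'not found', PHP_EOL;
}

// Username values quoted in the thread, reflected into a form field after encoding.
$usernames = [
    "<script>alert('fkfkeflee');</script>",
    "'+onmouseover=alert('4546545454545');+'",
];
foreach ($usernames as $username) {
    echo '<input type="text" name="username" value="', e($username), '">', PHP_EOL;
}
```

Only the first `id` value returns a row; the other three are rejected before any query runs, and both username values come out as inert text inside the `value` attribute.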
