[SOLVED] Please test my site for bugs.

[Dogboys]

My site: *link_removed*

 

Login: phpfreaks

password: phpfreaks

 

(You must have cookies enabled.)

 

Then after you log in go to *link_removed*/test18.php

 

Currently I'm working it for some sort of game but it really does no good to countuine working on if its full of bugs, right?

 

The main three places that have user input from what I see (Excuse my ignorance if I'm wrong.) is:

*link_removed*/sendmessage.php

*link_removed*/landdefense.php

*link_removed*

 

Those are the three pages which I can clearly see user inputting information. Of course I might be completely wrong.

 

So thats why I came here. Thanks for bug testing.

[darkfreaks]

Vulnerability description

This script is using phpinfo() function. This function outputs a large amount of information about the current state of PHP. This includes information about PHP compilation options and extensions, the PHP version, server information and environment (if compiled as a module), the PHP environment, OS version information, paths, master and local values of configuration options, HTTP headers, and the PHP License.

This vulnerability affects /test.php.

The impact of this vulnerability

This file may expose sensitive information that may help an malicious user to prepare more advanced attacks.

Attack details

We found

<title>phpinfo()</title>

Solution: remove the phpinfo file

[Dogboys]

Lol do you have some sort of program that runs through all the files?

 

Okay I deleted phpinfo(). Thanks. Anything else?

[darkfreaks]

yes i do

Vulnerability description

Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags are found in the file. In some cases this may generate false positives.

This vulnerability affects /php.ini.

The impact of this vulnerability

An attacker can gather sensitive information (database connection strings, application logic) by analysing the source code. This information can be used to conduct further attacks.

 

Attack details

We found

<% %>

Solution: remove the file from your server

[Dogboys]

Is there any way to keep /php.ini with its content but secure it still?

 

I really need that file for the server as thats the only way you can have a php.ini on freehostia.com or then the default php.ini will enable GPC which is a nightmare.

[darkfreaks]

you could restrict the file on the server other than that there isnt much you can do, if its part of the script its an exploit if not dont worry about it if you plan on moving

 

anyhow my scanner managed to find several hidden input email fields might wanna read up on spam proofing your site

 

http://evolt.org/article/Spam_Proofing_Your_Website/20/41849/

 

 

[Dogboys]

Whats the worse of people knowing the php.ini? It just reveals my settings right or can it do something fatal with it?

 

I shouldn't have any email fields on my website though. Could you refer to which page(s) you are talking about?

 

I probably should delete some of my misc. files that really were just for messing around with.

[darkfreaks]

amazingly it was found in the php.ini file ???

[Dogboys]

Hmmm okay I see your point now. Php.ini deleted.

 

Do you know of any ways to disable GPC without using a php.ini? Like someway to override the default php.ini?

[darkfreaks]

http://abeautifulsite.net/notebook/41

[Dogboys]

Thanks! Are there any other bugs?

[darkfreaks]

nope just those 2 files causing problems. if you want me to rescan when your done just let me know

[Dogboys]

Hmmm my server doesn't allow an .htaccess .

 

Guess I'll just have to live with striping slashes from everything an extra time.

 

What happens if your scanner is checking a file that requires to have a cookie? Will it be able to check that as well?

 

 

[darkfreaks]

yes it will

[Dogboys]

Okay cool. Could you go ahead and see if there are any bugs?

 

Some new bugs might exist since php.ini is deleted.

[darkfreaks]

looks pretty good other than

 

 

GHDB: Possible temporary file/directory

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.

Category : Sensitive Directories

 

Many times, this search will reveal temporary files and directories on the web server. The information included in these files and directories will vary, but an attacker could use this information in an information gathering campaign.

This vulnerability affects /tmp.

[Dogboys]

Wait what do I do to fix that though? I don't really understand what that means.

[Dogboys]

Oh, also there is no way to get the source code of any of the pages, right?

[darkfreaks]

no there are no exploits and that one is so small anyway i wouldnt worry about it, it seems to be non related to your script :-\

[Dogboys]

All that bug does is so they know all the files and folders on my server, right?

 

But can't they find all the files and folders the same way your program does?

[Dogboys]

Okay just added an index.php to all those folders so that way that bug shouldn't occure. Thanks for all the help darkfreaks! Really appreciate it.