V CMS beta test

[ComGuar]

Hello people!

 

I am testing CMS for vulnerabilities on the first place.

If you find any error, please send message to me or post it here. If you have any idea how I can improve CMS it would be nice to say me

Soon some components like forum and photo gallery will be added.

 

Website URL: http://goo.gl/rDcS0

Verification file: http://goo.gl/X6UAF

 

 

I created account for phpfreaks members, but I'll be happy if you register

 

username: phpfreaks

password: phpfreaks

 

 

Thanks in advance!

[darkfreaks]

Files listed in robots.txt but not linked

Vulnerability description

This file is listed in robots.txt but it's not linked anywhere in the site.

Affected items

/info

The impact of this vulnerability

Possible sensitive information disclosure.

How to fix this vulnerability

In robots.txt you should only include files or directories linked on the site.

 

other than that you seem to be good. but i have been fooled before.

[Coreye]

The message system is vulnerable to XSS attacks.

 

[ComGuar]

Thanks guys! Fixed

[darkfreaks]

i don't think it is fixed it is still popping up JS alerts with session id.

 

http://lmgtfy.com/?q=htmlpurifier+validation+php

 

 

[ComGuar]

Show me an example, crack it

[darkfreaks]

well first either FIX IT or remove the attak from your database so it can be retested. thank you.

[ComGuar]

I cleaned all

[darkfreaks]

i could not recreate what coreye posted but i ran all the strings i could. they just came out as text.

[ComGuar]

Yes, darkfreaks, there is no injection. Thanks

[darkfreaks]

@ComGuar: /info/ might not actually exist but according to your robots.txt file it is being disallowed. i checked manually instead of scanning. if it is not being  actually used it will be indexed by crawlers even if it is disallowed. might want to take it off.

[ComGuar]

Ok, but i disallowed all

 

 

robots.txt:

User-agent: *
Disallow: /

[ComGuar]

I added some stuff

[Coreye]

The "Last post" on the forum is incorrect.

 

 

The poster is correct, but the newest post doesn't have that subject.

[ComGuar]

Fixed, thanks Coreye! 

[darkfreaks]

http://goo.gl/robots.txt

 

 

you still have /info/ in your robots.txt please remove it if it does not link to the site.

[ComGuar]

Darkfreaks, this is not my robots.txt file!

This file is hosted on goo.gl site.

[darkfreaks]

so i was trying to figure out why it was picking up SQL injection on your site so i launched it visually  and in your page i see this.....

 

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2000'' at line 1

 

 

[ComGuar]

Thanks Darkfreaks!

Please tell me where on website you found error?

I need to know file name and what you did when error happened.

[darkfreaks]

not really sure what page it was but it had the link to the login and register page right above where the error was.

[darkfreaks]

if i were you i would run my SQL statements through a syntax checker like MIME SQL or Yacker SQL.

 

they usually tell you where your SQL has gone wrong syntax wise.

 

i am pretty sure it is on your index.php page. since i know it is not login or register pages.

 

 

[ComGuar]

It is server side, so you can't see syntax.

In debug mode error reporting is error_reporting(E_ALL), and there is no error.

Everything is working fine.

 

I will try scripts you suggested.

[darkfreaks]

also try making sure field|columns|tables are not MYSQL Reserved Words if they are they need to be enclosed with `backticks` and not 'single quotes' .

[ComGuar]

They are not, and every table have prefix.

[darkfreaks]

can you post the code for your index(main) page so i can see where you are going wrong? and why it errors everytime the value 1 is inserted.