
General Site Test


tommyboy123x


Been working on a project, this one is actually for myself / a friend :-)

 

but i want to make sure I'm not leaving some security holes open or there are some major/minor bugs with the scripts or things like that... there might be a few scripts that aren't refresh-proof (as in, if a user refreshes the page it won't put more data into a table or something like that), but besides that could i get general test / results for this?

 

http://sparkcash.net/

http://sparkcash.net/inside/

http://sparkcash.net/inside/forums/

 

I've gone "out of my way", so to say, to support ie, ff, and safari, so if some of the styles are incorrect..... or even missing, say what browser / version you were using please

 

Thanks in advance,

Tom


when i said little i didn't mean unimportant.  I know what xss is and it's an extreme risk... but it's also not the same as an sql injection imo which just screams i like to be hacked.  Maybe it's just the way i was taught, but either way it's right up there w/ sql injection.

 

...but still that doesn't mean it is "little", i only said that because you made a joke out of it (the owned marquee) rather than doing something dangerous.

 

I'm appreciative of the help, so don't get me wrong there either.


"find little expoits or w/e like what source got"

*source coughs then highlights

 

 

little

 

a xss hole is NOT little. learn wtf you are talking about before you say "little"

 

 

 

Take a couple of breaths before you freak out. If the OP does not care much about XSS (granted that he shouldn't post here and is wasting everybody's time), his loss.

 

Although I must agree that inserting a marquee is only a tiny exploit. Try stealing a cookie using JavaScript or by loading an external entity (i.e. an image), then he has something to worry about.


Array:

http://www.sparkcash.net/inside/tracker.php?c[]

 

Array:

http://www.sparkcash.net/inside/tracker.php?url[]

 

Array:

http://www.sparkcash.net/signup.php?r[]

 

Cross Site Scripting:

http://www.sparkcash.net/signup.php?r="><td><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

There is Cross Site Scripting when you register if the fields contain code.

 

Drop Down Menu:

If you edit the drop down menu on http://www.sparkcash.net/inside/offers.php you can submit arbitrary values.

 

Insecure Cookie:

You shouldn't put the password in the cookie.

 

Insecure Cookie:

You shouldn't put the username in the cookie.

 

URL Inclusion:

http://www.sparkcash.net/inside/tracker.php?url=http://www.google.com/

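Defender-side illustration of the two signup findings above (the `r[]` "Array" notice and the reflected probe in `signup.php?r=`). This is an added example, not code from the thread or from the site being tested; the referral-code format (alphanumeric, 1 to 32 characters) and the function names are assumptions.

```php
<?php
// Added example (not from the original thread): hardening a referral
// parameter `r` on a hypothetical signup page. Assumes referral codes are
// alphanumeric and 1-32 characters; the real site's format is unknown.

declare(strict_types=1);

// Returns a validated referral code, or null when the value is absent,
// malformed, or not a string. A request like signup.php?r[] arrives as an
// array, which is what produced the "Array" output noted in the thread.
function referral_from_query(array $query): ?string
{
    if (!isset($query['r']) || !is_string($query['r'])) {
        return null;
    }
    $r = $query['r'];
    return preg_match('/^[A-Za-z0-9]{1,32}$/', $r) === 1 ? $r : null;
}

// Escapes a value for an HTML attribute or text node. ENT_QUOTES covers
// both quote characters, so a value cannot close an attribute early, and
// the charset is stated explicitly rather than left to the default.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Renders the hidden referral field the signup form carries forward. Even
// though referral_from_query() already rejected anything outside
// [A-Za-z0-9], the value is escaped again at output: validation and output
// encoding are separate layers, and the second one still protects the page
// if the first is bypassed or relaxed later.
function render_referral_field(?string $referral): string
{
    if ($referral === null) {
        return '';
    }
    return '<input type="hidden" name="r" value="' . h($referral) . '">';
}

// Self-check with constructed inputs.
$cases = [
    ['r' => 'abc123'],          // well-formed code
    ['r' => ['x']],             // r[] -> array -> rejected
    ['r' => '"><td><marquee>'], // the probe from the thread -> rejected
    [],                         // parameter absent
];
foreach ($cases as $q) {
    $code = referral_from_query($q);
    echo json_encode($q), ' => ', var_export($code, true), ' => ',
         render_referral_field($code), "\n";
}

// Even with validation removed, h() renders the probe as inert text.
echo h('"><td><marquee>'), "\n";
```

The point of the double layer is that the "Array" and marquee findings are the same bug seen from two sides: the page trusts the shape and the content of `$_GET['r']`. Checking the type and format fixes the first; encoding at the point of output fixes the second, and does so for every value that reaches the template, not only this one.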

"Take a couple of breaths before you freak out. If the OP does not care much about XSS (granted that he shouldn't post here and is wasting everybody's time), his loss.

 

Although I must agree that inserting a marquee is only a tiny exploit. Try stealing a cookie using JavaScript or by loading an external entity (i.e. an image), then he has something to worry about."

 

{snip}

 

If you can use <marquee> you can steal cookies.


You just crossed the line of acceptable behaviour. Please note that you've been reported to the moderators.

 

And for the record, as a marquee doesn't load any external entities, it cannot be abused for XSS. It's a possible sign that there might be possible XSS exploits, not a definitive sign.

 

And I can assure you I'm not in the habit of sticking anything up my rear end.  :-*  :P


source - using statements like your last one around these parts is not on - especially over something so trivial as someone else having an opinion/different spin on things. and hammering someone who has asked for help just because of their slightly incorrect choice of words.

 

keep a lid on it, please - if you're going to point out the fact that an exploit isn't trivial, then "learn wtf you're on about" is less favourable than explaining exactly what the link is between injecting a marquee and XSS attacks.


the cookie stuff is only to check for duplicate users/verify the user doesn't try to use the javascript:void injections...if they do it'll see that and mark their account.  it primarily uses sessions for authing, and passwords are in md5 + another enc type... virtually uncrackable despite users' pword strength

 

i'll also be fixing the xss when i get home (im using a smartboard  right now : at school :-P)

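The password-storage discussion here (md5 plus another pass, salting and rehashing) is easier to judge with the two approaches side by side. Added example, not code from the thread or the site: it uses PHP's `password_hash()` with bcrypt, whose salt is generated per password and stored inside the hash string, so no separate "multi-pass" scheme has to be maintained by hand. The passwords and the cost setting are constructed for the demo.

```php
<?php
// Added example (not from the original thread): salted, slow password
// hashing with password_hash(), compared with a bare md5 of the password.

declare(strict_types=1);

// Hashes a password for storage. PASSWORD_BCRYPT generates a random salt
// and embeds it in the returned string; cost 12 means 2^12 rounds of the
// bcrypt key schedule per guess, so offline cracking is slowed by design.
// Tune the cost to what your server can afford per login.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]);
}

// Verifies a login attempt against the stored hash. password_verify()
// reads the salt and cost back out of the hash string itself.
function check_password(string $password, string $stored): bool
{
    return password_verify($password, $stored);
}

// Constructed scenario: two users happen to choose the same password.
$shared = 'correct horse battery staple';

// Unsalted md5: identical passwords give identical digests, so a single
// cracked digest (or a precomputed table) unlocks every account sharing it.
$sameMd5 = md5($shared) === md5($shared);
echo 'md5 digests identical for identical passwords: ',
     var_export($sameMd5, true), "\n";

// Salted bcrypt: identical passwords give different hashes, and each
// candidate guess costs the full bcrypt work factor rather than one md5.
$h1 = store_password($shared);
$h2 = store_password($shared);
echo 'bcrypt hashes identical for identical passwords: ',
     var_export($h1 === $h2, true), "\n";

// Both stored hashes still verify the real password and reject a wrong one.
echo 'verify correct password: ',
     var_export(check_password($shared, $h1) && check_password($shared, $h2), true), "\n";
echo 'verify wrong password:   ',
     var_export(check_password('not the password', $h1), true), "\n";
```

Layering md5 over sha1 over base64 makes a digest longer, but without a per-user salt every user who picks the same password still ends up with the same stored value, and each guess still costs the attacker a handful of fast hash operations. A salt plus a deliberately slow function is what changes the economics; which fast hash sits on top is secondary.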

If you want true security you should be salting and md5ing/sha1 the passwords multiple times.

 

........which is what i am doing....

 

and passwords are in md5 + another enc type

 

it isn't live yet but the files on my computer right now use the multi-pass encryption - obviously the last is md5.  And yes when i say virtually uncrackable i mean it... try cracking a hash of a base64 string or sha1.  It is almost guaranteed to have something more than just lowercase letters on the home row, and last time i checked c&a takes around 1e100 years (+/- 1e100 years of course) to crack this.

 

I appreciate the help, but i already got that taken care of :-).

 

What i've come to see is that xss and sql injections are the most common exploits - please correct me if i'm wrong.  To stop the xss, i would use some kind of code like (excuse the crudeness... and possible syntax errors)

 

// Reject the input outright if it contains any of the listed substrings
// (strstr() returns false when the needle is absent, so the || chain works as a boolean test)
if (strstr($input, 'javascript') || strstr($input, 'void') || strstr($input, 'script') || strstr($input, 'http')) {
    // send the user back
    exit();
}

 

or is there already a php function like mysql_real_escape_string?  I know about striptags, but does that cover it?

 

Also should it go

 

mysql_real_escape_string(strip_tags($input));

 

or

 

strip_tags(mysql_real_escape_string($input));

 

?

 

 

-Tom

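Working answer to the two questions in the post above (does a substring blacklist stop XSS, and in which order to apply `strip_tags` and `mysql_real_escape_string`). This is an added example, not the thread's or the site's code. It keeps the blacklist exactly as sketched so its behaviour can be seen, then shows the alternative: escape for the sink you are writing to at the moment you write to it. It uses a throwaway in-memory SQLite database through PDO so it runs with no MySQL server (needs the `pdo_sqlite` extension); the table and sample names are constructed.

```php
<?php
// Added example (not from the original thread): the strstr() blacklist from
// the post beside context-specific escaping (prepared statement for SQL,
// htmlspecialchars() for HTML). Runs against an in-memory SQLite database.

declare(strict_types=1);

// The blacklist approach from the post, wrapped in a function.
function blacklist_rejects(string $input): bool
{
    return strstr($input, 'javascript') !== false
        || strstr($input, 'void') !== false
        || strstr($input, 'script') !== false
        || strstr($input, 'http') !== false;
}

// strstr() is case-sensitive, so a mixed-case spelling of the same word is
// not matched; and the list also rejects ordinary text that mentions a URL.
$probes = [
    'javascript:void(0)',        // lower case, matched by the list
    'JavaScript:Void(0)',        // mixed case, not matched
    'my site is http://example.com', // harmless, but rejected
];
foreach ($probes as $p) {
    echo str_pad($p, 32), ' rejected: ', var_export(blacklist_rejects($p), true), "\n";
}

// The alternative. Neither strip_tags(mysql_real_escape_string()) nor the
// reverse is the right shape: SQL escaping belongs to the query, HTML
// escaping belongs to the page, and the database should hold the user's
// actual text, not a pre-escaped copy of it.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, display_name TEXT NOT NULL)');

// SQL sink: a prepared statement sends the value separately from the query
// text, so quotes inside the name cannot change the statement. This is the
// role mysql_real_escape_string() played for string literals.
function save_display_name(PDO $db, string $name): int
{
    $stmt = $db->prepare('INSERT INTO profiles (display_name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $db->lastInsertId();
}

// HTML sink: escape when rendering, not when storing, so the same stored
// value can later be emitted safely into JSON, e-mail, or a CSV export.
function render_display_name(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT display_name FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $name = (string) $stmt->fetchColumn();
    return '<span class="name">'
        . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</span>';
}

// Constructed inputs: a name with a quote in it, and the marquee probe
// that was reported against the site earlier in the thread.
foreach (["O'Brien", '<marquee>vulnerable</marquee>'] as $name) {
    $id = save_display_name($db, $name);
    echo render_display_name($db, $id), "\n";
}
```

On the `strip_tags` question: it removes tags, but it is a filter rather than an encoder, so it is not a substitute for `htmlspecialchars()` at output, and applying it before storage silently mangles legitimate input such as a name containing `<`. With parameterised queries for the database and output encoding for the page, the blacklist is no longer needed at all.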

for the tracker url's, is there a problem with having it not filter out things... i mean the url=xxx just takes the user to the offer... if they dont want to they dont have to do the offer... or are there other things that could screw the site up?

 

Thanks i'll get to work :-)

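On the tracker question above: a redirect that follows whatever `url=` a visitor supplies lets any link on the trusted domain land on any other site, which is why it was listed as a finding even though the user still has to act on the offer. The usual fix is to redirect by offer id and look the destination up server-side. Added example, not code from the thread or the site; the offer table, ids and hostnames are constructed for the demo.

```php
<?php
// Added example (not from the original thread): replacing a free-form
// tracker.php?url=... redirect with an allow-list lookup by offer id.

declare(strict_types=1);

// Hypothetical offer table: the only destinations the tracker may send a
// visitor to. On the real site this would be read from the offers table.
const OFFERS = [
    101 => 'https://offers.example.com/signup-a',
    102 => 'https://partner.example.net/trial',
];

// Resolves the tracker's target from an opaque numeric offer id rather
// than a URL. Returns null for unknown ids, non-numeric input and array
// parameters (the tracker.php?c[] case), which the caller answers with 404.
function tracker_target(array $query): ?string
{
    if (!isset($query['c']) || !is_string($query['c']) || !ctype_digit($query['c'])) {
        return null;
    }
    return OFFERS[(int) $query['c']] ?? null;
}

// If the legacy url= parameter has to keep working during a migration,
// accept it only when it matches a known destination exactly. Prefix or
// substring checks are not enough; compare the whole string.
function legacy_url_target(array $query): ?string
{
    if (!isset($query['url']) || !is_string($query['url'])) {
        return null;
    }
    return in_array($query['url'], OFFERS, true) ? $query['url'] : null;
}

// Sends the visitor on, or refuses. Click logging would go here as well.
function redirect_or_404(?string $target): void
{
    if ($target === null) {
        http_response_code(404);
        echo "Unknown offer\n";
        return;
    }
    header('Location: ' . $target, true, 302);
}

// Constructed requests, including the two shapes reported in the thread.
$requests = [
    ['c' => '101'],                        // known offer id
    ['c' => ['x']],                        // c[] array parameter
    ['url' => 'http://www.google.com/'],   // arbitrary host, refused
    ['url' => OFFERS[102]],                // exact allow-listed URL
];
foreach ($requests as $q) {
    $target = tracker_target($q) ?? legacy_url_target($q);
    echo json_encode($q), ' -> ', var_export($target, true), "\n";
}
```

Keeping the destination on the server side also means the click-tracking row can record the offer id directly, and a changed partner URL is edited in one place instead of in every link already published.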

editing timed out - sry for double post

 

I fixed all the problems mentioned except for the signup fields (such as email, address, etc) for xss and the javascript injections / sql injections (w/ the search feature on the offers page)... if you end up finding something please post it :-)

 

 

edit:  basically anything aside from the signup page is what i believe to be secure.  I'll be fixing the signup page in a few minutes and i'll announce when it is "secure"


i love triple posting......

 

 

as far as i know, the sign up page is "secure" as well as everything else... obviously don't do anything to corrupt the db's, but if you can query the db's, its just as good but less harmful if its possible... if that makes any sense.

 

revised:

Sign up page xss

profile xss

tracker.php xss and exploits

search exploits

 

also i deleted the users "username" and "agentsteal" to clear out the old xss marquee's in the database... i figured it couldn't be good anyways :-P

