http://student.cse.fau.edu/~gstark1/password/unprotected.php

 

This is the URL. Basically, the PHP page forces a PHP Authentication Header. See if you can try and bypass this. (I'm testing to see HOW secure the usernames and passwords are).

 

 

Also, the files that the script checks against are .htpasswd and .htgroup (atm they are in the same directory, but I will be moving them above the public_html directory later). The server that I'm on seems to auto-block these files which is nice (or maybe I'm wrong?)

 

If it auto-blocks these files, maybe someone could let me know of the .htaccess code for that part?
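
An added example, not part of the original thread: a `.htaccess` for the question above, written in Apache 2.4 syntax. It assumes the host allows these overrides (`AllowOverride`) and that PHP runs as mod_php; the last two sections cover the directory listing and the PHP warning output reported later in the thread.

```apache
# Added example .htaccess for the directory holding .htpasswd and .htgroup.

# Refuse to serve any file whose name starts with ".ht"
# (.htaccess, .htpasswd, .htgroup). Stock Apache configurations normally
# carry an equivalent rule in the main server config, which is why these
# files already appear to be blocked.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
# Apache 2.2 and earlier use this inside the block instead:
#     Order allow,deny
#     Deny from all

# Turn off the automatic file listing for directories with no index page.
Options -Indexes

# Assumption: PHP is loaded as an Apache module (mod_php). Under CGI or
# FPM these two lines cause a 500 error; set the same values in php.ini.
# Keeps warnings, and the filesystem paths they contain, out of responses
# while still recording them in the error log.
php_flag display_errors off
php_flag log_errors on
```

Moving the password files above `public_html`, as planned in the post, removes the dependency on this rule entirely, since files outside the document root are never mapped to a URL.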

Array:

http://student.cse.fau.edu/~gstark1/php/includes/restaurants.php?start[]

 

Array:

http://student.cse.fau.edu/~gstark1/php/includes/rot_13.php?input[]

 

Cross Site Scripting:

http://student.cse.fau.edu/~gstark1/php/includes/restaurants.php?start='><marquee><h1>vulnerable</marquee>

 

Cross Site Scripting:

http://student.cse.fau.edu/~gstark1/php/includes/rot_13.php?input=<znedhrr><u1>ihyarenoyr</znedhrr>

 

Cross Site Scripting:

There is Cross Site Scripting if the Expect header contains code.

 

Full Path Disclosure:

http://student.cse.fau.edu/~gstark1/php/includes/database_connect.php

Warning: mysql_connect(): Access denied for user 'giordon'@'pluto.cse.fau.edu' (using password: YES) in /home/cseugrads/gstark1/public_html/php/includes/database_connect.php on line 5

Access denied for user 'giordon'@'pluto.cse.fau.edu' (using password: YES)

 

Full Path Disclosure:

There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value.

Warning: session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /home/cseugrads/gstark1/public_html/php/webSurvey.php on line 8

 

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/cseugrads/gstark1/public_html/php/webSurvey.php:8) in /home/cseugrads/gstark1/public_html/php/webSurvey.php on line 8

 

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/cseugrads/gstark1/public_html/php/webSurvey.php:8) in /home/cseugrads/gstark1/public_html/php/webSurvey.php on line 8

 

Warning: Unknown(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0

 

Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/home/cseugrads/gstark1/tmp) in Unknown on line 0

 

Includes Directory:

http://student.cse.fau.edu/~gstark1/password/

 

Includes Directory:

http://student.cse.fau.edu/~gstark1/php/

You should block this directory:

http://student.cse.fau.edu/~gstark1/password/

 

You should block this directory:

http://student.cse.fau.edu/~gstark1/php/

 

Actually, if you tried it yourself with the first one, just because you can see the files doesn't mean you can access them. I don't really care if anyone sees the files, it's not like they know what's in them O_o

 

The /php/ one was just recently uploaded to test something, it's not gonna be there long.

 

Cross Site Scripting:

http://student.cse.fau.edu/~gstark1/php/includes/rot_13.php?input=<znedhrr><u1>ihyarenoyr

 

Array:

http://student.cse.fau.edu/~gstark1/php/includes/rot_13.php?input[]

 

Full Path Disclosure:

http://student.cse.fau.edu/~gstark1/php/includes/database_connect.php

Warning: mysql_connect(): Access denied for user 'giordon'@'pluto.cse.fau.edu' (using password: YES) in /home/cseugrads/gstark1/public_html/php/includes/database_connect.php on line 5

Access denied for user 'giordon'@'pluto.cse.fau.edu' (using password: YES)

 

Cross Site Scripting:

http://student.cse.fau.edu/~gstark1/php/includes/restaurants.php?start='><marquee><h1>vulnerable

 

Array:

http://student.cse.fau.edu/~gstark1/php/includes/restaurants.php?start[]

 

Those are also part of the temp files that are going down (they're random scripts that seem stupid).

 

http://student.cse.fau.edu/~gstark1/php/webSurvey.php has Full Path Disclosure if you set PHPSESSID in the cookie to an invalid value.

Warning: session_start(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in /home/cseugrads/gstark1/public_html/php/webSurvey.php on line 8

 

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/cseugrads/gstark1/public_html/php/webSurvey.php:8) in /home/cseugrads/gstark1/public_html/php/webSurvey.php on line 8

 

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/cseugrads/gstark1/public_html/php/webSurvey.php:8) in /home/cseugrads/gstark1/public_html/php/webSurvey.php on line 8

 

Warning: Unknown(): The session id contains invalid characters, valid characters are only a-z, A-Z and 0-9 in Unknown on line 0

 

Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/home/cseugrads/gstark1/tmp) in Unknown on line 0

 

Your site is vulnerable to Cross Site Scripting through the Expect header.

 

How'd you get to change the PHPSESSID cookie? Manually edit the cookie or through the URL? And what do you mean by Cross Site Scripting through the Expect header? What does that mean?
