Site needs to be tested

charliepage · October 29, 2007

http://www.iraqresearch.org

I'm more interested in whether the CMS running it has security issues and if so, what they are. There are no direct links to it at the moment but to login it's /login.html and /register.html . Any problems found would be nice to know about, thank you.

XRayden · October 29, 2007

i'm unable to connect.

page is blank but i've got the favicon

charliepage · October 29, 2007

Yeah, I'm sorry about that. Hosting started having issues just about 5 minutes ago, I'll post here once it is working okay.

charliepage · October 29, 2007

Alright, it should be working now.

agentsteal · October 29, 2007

Insecure Cookie:

You shouldn't put the password in the cookie.

Insecure Cookie:

You shouldn't put the username in the cookie.

URL Inclusion:

http://www.iraqresearch.org/go/google.com

User Enumeration:

http://www.iraqresearch.org/~nobody

User Enumeration:

http://www.iraqresearch.org/~root

charliepage · October 29, 2007

You shouldn't put the username and password in the cookie.

You mean the value of the username and password, how do I validate there info then?

URL inclusion:

http://www.iraqresearch.org/go/google.com

If I check that the URL is valid, is that a problem still and if so, why? (just curious)

User Enumeration:

http://www.iraqresearch.org/~root

User Enumeration:

http://www.iraqresearch.org/~nobody

I'm a bit confused about this, what this does and why it's bad?

Thank you.

Sign In

Site needs to be tested

Recommended Posts

charliepage

Link to comment

Share on other sites

XRayden

Link to comment

Share on other sites

charliepage

Link to comment

Share on other sites

charliepage

Link to comment

Share on other sites

agentsteal

Link to comment

Share on other sites

charliepage

Link to comment

Share on other sites

Browse

Activity

Important Information