Ryokotsusai Posted November 29, 2007 Share Posted November 29, 2007 Hi, I have a small page I am working on as a side project to test and set up pages for another site, so I guess here it goes, I would like to see if there are any openings in the login page, or any other page really : http://char.rev-ro.com/login.php (pretty simple) and anything else you can come up with >.< thanks Link to comment Share on other sites More sharing options...
Ryokotsusai Posted November 29, 2007 Author Share Posted November 29, 2007 ok, I just severely shut down the sites db privileges so my db is protected at least a little bit, but if you would like to log in and mess with things username: hackme password: hackme please, no indecent pictures I'm going to bed now Link to comment Share on other sites More sharing options...
Coreye Posted November 29, 2007 Share Posted November 29, 2007 Not really a big deal.. but you can put 10 spaces for the "Display Name" when editing it. You might want to disable that for this... someone will edit it and then we can't test it... lol You can also do 9 spaces then 1 letter when editing the "Display Name" and on the members page it's just one letter even though you have a 10 letter minimum. Link to comment Share on other sites More sharing options...
agentsteal Posted November 29, 2007 Share Posted November 29, 2007 Cross Site Scripting: http://char.rev-ro.com/img.php?"><marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting in the avatars. Cross Site Scripting: There is Cross Site Scripting if the Player Bio field contains </textarea>code. Cross Site Scripting: There is Cross Site Scripting if the Expect header contains code. Full Path Disclosure: There is Full Path Disclosure if the PHPSESSID cookie is set to an invalid value. Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/www/char.rev-ro.com/cnf/cnf.php on line 2 Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/www/char.rev-ro.com/cnf/cnf.php:2) in /home/www/char.rev-ro.com/cnf/cnf.php on line 2 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/www/char.rev-ro.com/cnf/cnf.php:2) in /home/www/char.rev-ro.com/cnf/cnf.php on line 2 Link to comment Share on other sites More sharing options...
Azu Posted November 29, 2007 Share Posted November 29, 2007 There's a bug with how you're escaping input for display name. It adds a whole ton of backslashes one after another, and deletes things instead of escaping them.. Example; input "'><;':"[]{}()*&^%$#@!~ Output \"\'><;\':\"[] Press submit again and.. \\\"\\\'><;\\\':\\\etc. Link to comment Share on other sites More sharing options...
The Little Guy Posted November 29, 2007 Share Posted November 29, 2007 Do NOT tell the user that the password is incorrect, or that the user name is incorrect or doesn't exit. I recommend changing it to say something like: "User Name or Password is Incorrect" Link to comment Share on other sites More sharing options...
Ryokotsusai Posted November 30, 2007 Author Share Posted November 30, 2007 Do NOT tell the user that the password is incorrect, or that the user name is incorrect or doesn't exit. I recommend changing it to say something like: "User Name or Password is Incorrect" Done Cross Site Scripting: (In Internet Explorer) http://char.rev-ro.com/img.php?"><marquee><h1>vulnerable</marquee> Done (that's a strange one) The "Display Name" says "Please enter more than 10 characters." but you can enter 4 characters. The "Player Bio" says "Please enter at lease ten characters." even if you enter more than 10 characters. Sorry about that, fixed The avatars are vulnerable to Cross Site Scripting in IE. POC: http://char.rev-ro.com/imgs/uimgs/acc/2000116.jpg If you upload an avatar, then upload an avatar with a different image type, the first avatar isn't deleted. Pretty sure thats fixed Your site is vulnerable to Cross Site Scripting through the Expect header. Not sure what that is There is Cross Site Scripting if put </textarea>code in the "Player Bio" on the edit page. Fixed I will try to fix the others from work, and put a filter on what the display name can be, and on the bio Link to comment Share on other sites More sharing options...
Ryokotsusai Posted November 30, 2007 Author Share Posted November 30, 2007 I am having trouble figuring that one out (I have never heard of that before) Link to comment Share on other sites More sharing options...
gtal3x Posted November 30, 2007 Share Posted November 30, 2007 agentsteal: do you have programs wich test the website or do you do that manualy? if you use programs tell me the name Link to comment Share on other sites More sharing options...
Ryokotsusai Posted December 1, 2007 Author Share Posted December 1, 2007 I don't have control over the version of apache on this server, is there way, other than updating to a later version, to protect against that? Link to comment Share on other sites More sharing options...
Azu Posted December 1, 2007 Share Posted December 1, 2007 Since this is a vulnerability in those versions of Apache, you are probably going to be vulnerable if you use those versions of Apache. Contact your hosting company and tell them that they need to update. Link to comment Share on other sites More sharing options...
Recommended Posts