Coreye Posted February 17, 2008
Hey guys, I need you to try and find all the vulnerabilities and security holes you can on this site: http://tinyurl.com/2oxrx6. There are many forms and other features to test for holes. Let me know if you find anything. If you do find anything, please do XXXXX for the links. If you don't want to register you can use these. I would prefer you register and test the register form for vulnerabilities as well as the rest of the site.
Username: demo
Password: demopass
Thanks, Corey
Coreye Posted February 17, 2008 (Author)
Known Bug: Array: XXXXXXXX.com/register.php?r[]
Rohan Shenoy Posted February 18, 2008
You haven't hashed the stored passwords. This is bad and unethical practice. You see, not all website owners are that honest. Few make you register and steal your username and password. Hash your passwords using the sha1() or md5() functions.
agentsteal Posted February 18, 2008
Array: http://www.XXXXXXXX/faq.php?r[]
Array: http://www.XXXXXXXX/register.php?r[]
Array: http://www.XXXXXXXX/index.php?r[]
Array: http://www.XXXXXXXX/profile.php?r[]
Array: http://www.XXXXXXXX/credits.php?r[]
Array: http://www.XXXXXXXX/login.php?r[]
Array: http://www.XXXXXXXX/tos.php?r[]
Array: http://www.XXXXXXXX/history.php?r[]
Array: http://www.XXXXXXXX/advertise.php?r[]
Array: http://www.XXXXXXXX/logout.php?r[]
Array: http://www.XXXXXXXX/about.php?r[]
Array: http://www.XXXXXXXX/contact.php?r[]
Array: http://www.XXXXXXXX/surf.php?r[]
Array: http://www.XXXXXXXX/privacy.php?r[]
Array: http://www.XXXXXXXX/recoverpwd.php?r[]
Array: http://www.XXXXXXXX/members.php?r[]
Array: http://www.XXXXXXXX/messenger.php?r[]
Array: http://www.XXXXXXXX/referals.php?r[]
Array: http://www.XXXXXXXX/convert.php?r[]
Array: http://www.XXXXXXXX/upgrade.php?r[]
Array: http://www.XXXXXXXX/contest.php?r[]
Array: http://www.XXXXXXXX/news.php?r[]
Array: http://www.XXXXXXXX/banners.php?r[]
Cross Site Scripting: http://www.XXXXXXXX/convert.php?convert=cash&poname=paypal<marquee><h1>vulnerable</marquee>
Cross Site Scripting: There is Cross Site Scripting when you register if the fields contain code.
Cross Site Scripting: There is Cross Site Scripting when you log in if the fields contain code.
DOS: http://www.XXXXXXXX/logout.php/
DOS: http://www.XXXXXXXX/chkudtsess.php/
DOS: http://www.XXXXXXXX/chkudtsess_du.php/
DOS: http://www.XXXXXXXX/members.php/
DOS: http://www.XXXXXXXX/profile.php/
DOS: http://www.XXXXXXXX/history.php/
DOS: http://www.XXXXXXXX/messenger.php/
DOS: http://www.XXXXXXXX/referals.php/
DOS: http://www.XXXXXXXX/convert.php/
DOS: http://www.XXXXXXXX/upgrade.php/
DOS: http://www.XXXXXXXX/contest.php/
DOS: http://www.XXXXXXXX/news.php/
DOS: http://www.XXXXXXXX/banners.php/
DOS: http://www.XXXXXXXX/advertise.php/
DOS: http://www.XXXXXXXX/credits.php/
Full Path Disclosure: http://www.XXXXXXXX/viewp.php?ad=\
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buddypon/public_html/viewp.php on line 17
Full Path Disclosure: There is Full Path Disclosure on http://www.XXXXXXXX/upgrade.php if you submit the form.
Fatal error: Cannot redeclare ucayunjd() (previously declared in /home/buddypon/public_html/chkudtsess.php:3) in /home/buddypon/public_html/chkudtsess_du.php on line 3
Insecure Cookie: You shouldn't put the username in the cookie.
User Enumeration: http://www.XXXXXXXX/~buddypon
User Enumeration: http://www.XXXXXXXX/~root
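A defensive counterpart to the findings above, added here as an example; it is not code from the site under test or from anyone in this thread. It assumes the pages read a referral id from ?r= and a payment processor name from ?poname=, and every function name in it is hypothetical.

```php
<?php
// Added hardening example; not code from the site under test. Assumes the
// pages read a referral id from ?r= and a payment processor name from
// ?poname= as in the findings above. All function names are hypothetical.

// Full Path Disclosure: the leaked /home/... paths come from PHP warnings and
// fatals being rendered to the browser. Log them instead of displaying them.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Insecure Cookie: keep identity server-side in the session instead of a
// user-editable username cookie, and mark the session cookie HttpOnly.
// Weak:    setcookie('username', $username);
// Better:  $_SESSION['user_id'] = $id;  after a successful login.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// "Array" findings: ?r[] makes $_GET['r'] an array, which then reaches
// string or mysql_* functions and triggers the error that reveals the path.
// Accept a parameter only as a string matching the format it should have.
function scalar_param(array $src, string $name, string $pattern, string $default): string
{
    if (!isset($src[$name]) || !is_string($src[$name])) {
        return $default;   // missing value or array -> safe default
    }
    return preg_match($pattern, $src[$name]) === 1 ? $src[$name] : $default;
}

// Referral id (assumption: numeric), read by nearly every page listed above.
$r = scalar_param($_GET, 'r', '/^\d{1,10}$/', '0');

// convert.php?poname=...: allow only the processors the site supports.
$allowed = ['paypal'];   // extend with the site's real processor names
$poname = scalar_param($_GET, 'poname', '/^[a-z]{1,20}$/', 'paypal');
if (!in_array($poname, $allowed, true)) {
    $poname = 'paypal';  // the <marquee> payload above fails the regex and lands here
}

// Cross Site Scripting: anything echoed back (registration and login fields,
// poname) must be HTML-encoded for the context it is placed in.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

echo '<p>Converting to ' . h($poname) . ' for referrer ' . h($r) . '</p>';
```

The trailing-slash DOS entries are not covered by this snippet; those depend on how the web server maps PATH_INFO onto the scripts.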
Coreye Posted February 18, 2008 (Author)
Do XXXXX for the links as I requested please. And Rohan Shenoy, I'm just BETA testing this for someone. I have their permission though. Thanks for finding some, Corey