
Hey guys,

I need you to try and find all the vulnerabilities and security holes you can on this site: http://tinyurl.com/2oxrx6.

There are many forms and other features to test for holes. Let me know if you find anything.

If you do find anything, please do XXXXX for the links.

If you don't want to register you can use these. I would prefer you register and test the register form for vulnerabilities as well as the rest of the site.

Username: demo

Password: demopass

Thanks,

Corey

Link to comment
https://forums.phpfreaks.com/topic/91470-vulnerability-test/
Share on other sites

You haven't hashed the stored passwords. This is bad and unethical practice. You see, not all website owners are that honest. Few make you register and steal your username and password.

Hash your passwords using sha1() or md5() functions.


Array:

http://www.XXXXXXXX/faq.php?r[]
http://www.XXXXXXXX/register.php?r[]
http://www.XXXXXXXX/index.php?r[]
http://www.XXXXXXXX/profile.php?r[]
http://www.XXXXXXXX/credits.php?r[]
http://www.XXXXXXXX/login.php?r[]
http://www.XXXXXXXX/tos.php?r[]
http://www.XXXXXXXX/history.php?r[]
http://www.XXXXXXXX/advertise.php?r[]
http://www.XXXXXXXX/logout.php?r[]
http://www.XXXXXXXX/about.php?r[]
http://www.XXXXXXXX/contact.php?r[]
http://www.XXXXXXXX/surf.php?r[]
http://www.XXXXXXXX/privacy.php?r[]
http://www.XXXXXXXX/recoverpwd.php?r[]
http://www.XXXXXXXX/members.php?r[]
http://www.XXXXXXXX/messenger.php?r[]
http://www.XXXXXXXX/referals.php?r[]
http://www.XXXXXXXX/convert.php?r[]
http://www.XXXXXXXX/upgrade.php?r[]
http://www.XXXXXXXX/contest.php?r[]
http://www.XXXXXXXX/news.php?r[]
http://www.XXXXXXXX/banners.php?r[]

Cross Site Scripting:

http://www.XXXXXXXX/convert.php?convert=cash&poname=paypal<marquee><h1>vulnerable</marquee>

There is Cross Site Scripting when you register if the fields contain code.

There is Cross Site Scripting when you log in if the fields contain code.

DOS:

http://www.XXXXXXXX/logout.php/
http://www.XXXXXXXX/chkudtsess.php/
http://www.XXXXXXXX/chkudtsess_du.php/
http://www.XXXXXXXX/members.php/
http://www.XXXXXXXX/profile.php/
http://www.XXXXXXXX/history.php/
http://www.XXXXXXXX/messenger.php/
http://www.XXXXXXXX/referals.php/
http://www.XXXXXXXX/convert.php/
http://www.XXXXXXXX/upgrade.php/
http://www.XXXXXXXX/contest.php/
http://www.XXXXXXXX/news.php/
http://www.XXXXXXXX/banners.php/
http://www.XXXXXXXX/advertise.php/
http://www.XXXXXXXX/credits.php/

Full Path Disclosure:

http://www.XXXXXXXX/viewp.php?ad=\

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/buddypon/public_html/viewp.php on line 17

There is Full Path Disclosure on http://www.XXXXXXXX/upgrade.php if you submit the form.

Fatal error: Cannot redeclare ucayunjd() (previously declared in /home/buddypon/public_html/chkudtsess.php:3) in /home/buddypon/public_html/chkudtsess_du.php on line 3

Insecure Cookie:

You shouldn't put the username in the cookie.

User Enumeration:

http://www.XXXXXXXX/~buddypon
http://www.XXXXXXXX/~root

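The "Array" output from `?r[]`, the reflected markup in `poname`, and the path-leaking `mysql_num_rows()` warning reported above all come from one pattern: a request parameter used without a type check, output encoding, or error handling. As an added example that is not code from the site or from any poster in this thread, here is that unsafe pattern in PHP next to a hardened version; the parameter names `r` and `poname` come from the report, while the function names and the list of allowed processor names are assumptions made for the example.

```php
<?php
// Added example, not from the thread: the pattern behind three of the
// reported findings, and one way to close them.

// --- Unsafe: the kind of code that produces the reported behaviour ---
function unsafe_page(): void {
    // ?r[] makes $_GET['r'] an array; interpolating it prints "Array".
    // ?poname=<marquee>... is reflected verbatim into the HTML (XSS).
    echo "Referrer: {$_GET['r']}<br>\n";
    echo "Processor: {$_GET['poname']}<br>\n";
}

// --- Hardened ---
// Accept only a scalar string for a query parameter; arrays (?r[]) and
// missing values fall back to the default instead of being interpolated.
function get_string_param(string $name, string $default = ''): string {
    if (!isset($_GET[$name]) || !is_string($_GET[$name])) {
        return $default;
    }
    return $_GET[$name];
}

// Encode a value for insertion into an HTML text node or attribute.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function safe_page(): void {
    // Whitelist the processor name instead of reflecting whatever was sent.
    $allowed = ['paypal', 'alertpay']; // assumed list for this example
    $poname = get_string_param('poname', 'paypal');
    if (!in_array($poname, $allowed, true)) {
        $poname = 'paypal';
    }
    echo 'Referrer: ' . h(get_string_param('r')) . "<br>\n";
    echo 'Processor: ' . h($poname) . "<br>\n";
}

// Full Path Disclosure: the reported warning and fatal error reach the
// browser because display_errors is on. In production, log errors instead
// of displaying them, and check a query's result before passing it to a
// row-count function so a failed query never raises a warning at all.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

safe_page();
```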
