My website is www.imperialized.net

 

I am somewhat new to PHP and just work on it in my spare time. However, I am not very good with security and I am sure there are some vulnerabilities that could use some looking at. If any of you have some time, I would appreciate if you could give it a look!

 

ps. It does require a login, I will create a username/pass for you to use.

 

Please use login: Guest, password: test

 

 

Also, I know that the member list is down; I am currently working on it. Thanks

https://forums.phpfreaks.com/topic/94328-please-check-for-vulnerabilitiesmistakes/

Cross Site Scripting:

http://www.imperialized.net/login.php?username="><marquee><h1>Corey

 

Array:

http://www.imperialized.net/login.php?username[]

 

Cross Site Scripting:

You can submit ">code when adding a comment.

 

Cross Site Scripting:

You can submit ">code when editing your profile.

 

Full Path Disclosure:

http://www.imperialized.net/arcade/Arcade.php?limit=20&show=20&page[]

Fatal error: Unsupported operand types in /home/rustednu/public_html/imperial/new/arcade/Arcade.php on line 198

 

I see what you did here, but how can I go about fixing this?

 

For the User_Details.php.... would you recommend checking the username presented against the database: if the user is not there, error;

if the user is present, allow the script to continue?

 

How do I fix edit_profile to prevent HTML, or rather any code, from being presented?

First, I'd like to say thanks to all of you, I appreciate the quick response and effort you put into helping me secure my website. By the way, do you like how it is set up? I appreciate feedback/criticism. Thanks

 

Fixed:

Cross Site Scripting:

http://www.imperialized.net/login.php?username="><marquee><h1>Corey

 

Fixed:

Array:

http://www.imperialized.net/login.php?username[]

 

Fixed:

Cross Site Scripting:

You can submit ">code when adding a comment.

 

Fixed:

Cross Site Scripting:

You can submit ">code when editing your profile.

 

edit:

Fixed:

Cross Site Scripting:

http://www.imperialized.net/view_profile.php?user=%3Cmarquee%20direction=right%20behavior=alternate%3Evunerable%3C/marquee%3E

 

I imagine I need to fix my registration as well, to prevent HTML code, but I gotta go to work so I will have to do it later.

  • 1 month later...
  • 2 weeks later...

http://www.imperialized.net/view_image.php?id=5%20and%20MID(id,1,1)%20LIKE%20char(53) <== SQL Injection.

//Fixed. Added is_numeric and a check with the database to ensure that the ID did exist.

 

http://www.imperialized.net/comments.php?id='

//Fixed. Added is_numeric and a check with the database to ensure that the ID did exist.
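The fixes David describes above (numeric check on the id, existence check against the database, and escaping on output), together with the array-parameter and full-path-disclosure findings earlier in the thread, put into one hardened request handler. This is an added example, not code from imperialized.net or from anyone in the thread; the `images` table, the in-memory SQLite row and the helper names are assumptions for the demo.

```php
<?php
// Added example, not code from imperialized.net or the forum posters.
// Table name `images` and the in-memory SQLite row are constructed for the demo.
ini_set('display_errors', '0'); // full path disclosure: errors go to the log, not the page
ini_set('log_errors', '1');

$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE images (id INTEGER PRIMARY KEY)');
$pdo->exec('INSERT INTO images (id) VALUES (5)'); // constructed sample row

// Rejects "?user[]" (array given where a string is expected) and oversized input.
function getStringParam(array $source, string $name, int $maxLen = 64): ?string
{
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return null;
    }
    $value = trim($source[$name]);
    return ($value === '' || strlen($value) > $maxLen) ? null : $value;
}

// "?id=5 and MID(id,1,1) LIKE ..." is not a digit string, so it is rejected here.
function getIntParam(array $source, string $name): ?int
{
    $raw = getStringParam($source, $name, 10);
    return ($raw !== null && ctype_digit($raw)) ? (int) $raw : null;
}

// Existence check with a bound parameter instead of string concatenation.
function imageExists(PDO $pdo, int $id): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM images WHERE id = ? LIMIT 1');
    $stmt->execute([$id]);
    return (bool) $stmt->fetchColumn();
}

// Output escaping: "><marquee> and <script> become inert text.
function esc(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$user = getStringParam($_GET, 'user');
$id   = getIntParam($_GET, 'id');
if ($user === null || $id === null || !imageExists($pdo, $id)) {
    header('Location: /index.php'); // one generic outcome, no "user not found" detail
    exit;
}
echo '<h1>Comments by ' . esc($user) . ' on image ' . $id . '</h1>';
```

With `display_errors` off, a request such as `?user[]` still fails (the helper returns null) but the server path from the warning never reaches the browser.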

My only suggestion is to add a link on the login error page to go back to the index. Or maybe just notify the user on the main page that the login was unsuccessful.

 

Another thing, you don't want to state what was found or not ('username not found'). This only helps hackers figure out things.

 

FlyingIsFun1217

Done. Never really thought about that. I changed it to redirect back to the home page and provide an error at the top. Thanks for the opinion/advice

  • 3 weeks later...

Ok Ok! Time to test some new parts of the site! I hope you guys can help..

 

Ok, well.. I've been playing around with AJAX a little bit and incorporating it into my website.

 

I've given users the ability to post comments on images that have been uploaded, and have also created a chat room..

 

The Chat does not seem to function in IE, so for those of you using IE, the Chat will not display for you, however, the image comments page will.

 

If someone has some time, please take a look around to ensure security, functionality.

 

Thanks, David

 

ps. login is still guest/guest

Cross Site Scripting(XSS):

http://www.imperialized.net/view_profile.php?user="><marquee><h1>Corey

 

Cross Site Scripting(XSS):

http://www.imperialized.net/view_profile.php?user=<script>alert(1);</script>

 

Full Path Disclosure:

http://www.imperialized.net/arcade/Arcade.php?limit=20&show=20&page[]

Fatal error: Unsupported operand types in /home/rustednu/public_html/imperial/new/arcade/Arcade.php on line 198

 

 

 

Should all be fixed. Thanks for the help.

Full Path Disclosure:

http://www.imperialized.net/arcade/Arcade.php?play[]

Warning: setcookie() expects parameter 2 to be string, array given in /home/imperial/public_html/arcade/Arcade.php on line 27

 

Warning: Cannot modify header information - headers already sent by (output started at /home/imperial/public_html/arcade/Arcade.php:27) in /home/imperial/public_html/arcade/Arcade.php on line 144

 

Full Path Disclosure:

http://www.imperialized.net/arcade/Arcade.php?action=profile&user[]

Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/imperial/public_html/arcade/Arcade.php on line 104

 

Full Path Disclosure:

http://www.imperialized.net/arcade/Arcade.php?cat=&limit[]

Fatal error: Unsupported operand types in /home/imperial/public_html/arcade/Arcade.php on line 208

Full Path Disclosure:

http://www.imperialized.net/arcade/Arcade.php?play[]

Warning: setcookie() expects parameter 2 to be string, array given in /home/imperial/public_html/arcade/Arcade.php on line 27

*Fixed.

 

However, for the other 2 errors you provided.. I was unable to get these errors. I tried in both IE & FF.

 

Full Path Disclosure:

http://www.imperialized.net/arcade/Arcade.php?action=profile&user[]

Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/imperial/public_html/arcade/Arcade.php on line 104

*I got an error saying that this user did not exist in the database, and the other error just took me to the main page.

 

 

Thanks again for your time/effort. I appreciate it.

 

You have to add [] to the end. You're only adding one [. The way SMF BBCode is set up, it's counting them as ending the BBCode.

http://www.imperialized.net/arcade/Arcade.php?action=profile&user[]
Error: Warning: htmlspecialchars() expects parameter 1 to be string, array given in /home/imperial/public_html/arcade/Arcade.php on line 126

http://www.imperialized.net/arcade/Arcade.php?cat=&limit[]
Error: Fatal error: Unsupported operand types in /home/imperial/public_html/arcade/Arcade.php on line 230

  • 1 month later...

User credentials are sent in clear text

 

The impact of this vulnerability

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

 

How to fix this vulnerability

Because user credentials are usually considered sensitive information, it is recommended that they be sent to the server over an encrypted connection.

 

Password type input with autocomplete

The impact of this vulnerability

Possible sensitive information disclosure

 

How to fix this vulnerability

The password autocomplete should be disabled in sensitive applications.

To disable autocomplete, you may use code similar to:

<INPUT TYPE="password" AUTOCOMPLETE="off">

 
