-
Mar 13th, 2007, 04:31 PM
#1
Thread Starter
Member
Members section of new website
Hi,
Does anyone want to help me test out the members area of a new site I'm working on... If anyone is bored, please let me know... Thanks
-
Mar 15th, 2007, 12:56 AM
#2
Re: Members section of new website
Everything that has a computer in will fail. Everything in your life, from a watch to a car to, you know, a radio, to an iPhone, it will fail if it has a computer in it. They should kill the people who made those things.- 'Woz'
-
Mar 18th, 2007, 08:36 PM
#3
Thread Starter
Member
Re: Members section of new website
 Originally Posted by abhijit
where is it?
Sorry, it's http://www.yourcode.info
-
Apr 16th, 2007, 02:58 PM
#4
Frenzied Member
Re: Members section of new website
1. Parts of your site are vulnerable to XSS (Cross Site Scripting) attacks.
Blah
2. Your cookies are in plain text and are associated with "Usernames"
Host: www.yourcode.info
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.yourcode.info/login.asp
Cookie: ASPSESSIONIDACSSCAAA=FBNFLAJBDOGDMNACAELEJIFP; Username=blah; Code=TUOEH
I didn't actually attempt to hijack an account, but you should encrypt all cookie data.
3. Your site may be vulnerable to a SQL Injection attack.
http://www.yourcode.info/profile.asp?id=a
4. You are storing "User" information in a hidden field; this could be manipulated to impersonate another user.
On the "Contact.asp" page.
<input type="hidden" name="user" value="blah">
Being educated does not make you intelligent.
Need a weekend getaway??? Come Visit
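Added example, not part of the post above or of the site's own code: one way to address points 2 and 4 is to make the Username cookie tamper-evident with an HMAC (signing, used here in place of the encryption the post suggests) and to take the sender from that verified cookie instead of the hidden "user" field. It is written in Python rather than the site's ASP; the key handling, function names and sample values are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed key for this example; a real site would load a long-lived
# secret from server-side configuration and never send it to the client.
SERVER_KEY = secrets.token_bytes(32)


def _mac(username: str, key: bytes) -> str:
    """Hex HMAC-SHA256 of the username under the server key."""
    return hmac.new(key, username.encode("utf-8"), hashlib.sha256).hexdigest()


def issue_cookie(username: str, key: bytes = SERVER_KEY) -> str:
    """Value to set for the Username cookie at login: 'username.mac'."""
    return f"{username}.{_mac(username, key)}"


def verify_cookie(value: str, key: bytes = SERVER_KEY):
    """Return the username if the MAC checks out, otherwise None."""
    # The hex MAC never contains '.', so split on the last one.
    username, sep, mac = value.rpartition(".")
    if not sep or not username:
        return None  # plain 'Username=blah' style value, no MAC at all
    expected = _mac(username, key)
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    if hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
        return username
    return None


def sender_for_contact_form(cookies: dict, form: dict, key: bytes = SERVER_KEY):
    """Who submitted a Contact.asp-style form.

    The hidden 'user' field in `form` is deliberately never read: the
    client controls it. Only the verified cookie identifies the sender.
    """
    return verify_cookie(cookies.get("Username", ""), key)


if __name__ == "__main__":
    good = issue_cookie("blah")
    forged = "admin." + good.rpartition(".")[2]  # name swapped, MAC reused
    print(verify_cookie(good), verify_cookie("blah"), verify_cookie(forged))
    print(sender_for_contact_form({"Username": good}, {"user": "admin"}))
```

A signed value is still a bearer token, so it needs the same transport and expiry protections as the session cookie itself.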
-
Apr 17th, 2007, 11:19 PM
#5
Thread Starter
Member
Re: Members section of new website
 Originally Posted by Memnoch1207
1. Parts of your site are vulnerable to XSS (Cross Site Scripting) attacks.
Blah
2. Your cookies are in plain text and are associated with "Usernames"
I didn't actually attempt to hijack an account, but you should encrypt all cookie data.
3. Your site may be vulnerable to a SQL Injection attack.
http://www.yourcode.info/profile.asp?id=a
4. You are storing "User" information in a hidden field; this could be manipulated to impersonate another user.
On the "Contact.asp" page.
Thanks for the help!
I'm working on overhauling the entire site right now, and will definitely work those tips into the new design...
Much appreciated!