Hi,
Does anyone want to help me test out the members area of a new site I'm working on... If anyone is bored, please let me know... Thanks
where is it?
Sorry, it's http://www.yourcode.info
Quote:
Originally Posted by abhijit
1. Parts of your site are vulnerable to XSS (Cross Site Scripting) attacks.
Blah
2. Your cookies are in plain text and are associated with "Usernames"
I didn't actually attempt to hijack an account, but you should encrypt all cookie data.
Quote:
Host: www.yourcode.info
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://www.yourcode.info/login.asp
Cookie: ASPSESSIONIDACSSCAAA=FBNFLAJBDOGDMNACAELEJIFP; Username=blah; Code=TUOEH
3. Your site may be vulnerable to a SQL Injection attack.
http://www.yourcode.info/profile.asp?id=a
4. You are storing "User" information in a hidden field; this could be manipulated to impersonate another user.
On the "Contact.asp" page.
Quote:
<input type="hidden" name="user" value="blah">
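Added example, not part of the original thread and not the site's own code: points 2 and 4 of the review above both come down to the server trusting a name the client supplies (the "Username" cookie, the hidden "user" field). This Python example shows one way to close that by issuing an HMAC-signed cookie and taking the identity only from it; the cookie name "Auth", the key handling and all function names are assumptions, and the sample header is constructed from the one quoted above.

```python
import base64
import hashlib
import hmac
import secrets

# Assumption: a per-site secret that never leaves the server (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)


def issue_cookie(username: str, key: bytes = SERVER_KEY) -> str:
    """Return 'payload.tag': the encoded username plus an HMAC-SHA256 tag over it."""
    payload = base64.urlsafe_b64encode(username.encode("utf-8")).decode("ascii")
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def verify_cookie(value: str, key: bytes = SERVER_KEY):
    """Return the username if the tag verifies, otherwise None."""
    payload, sep, tag = value.rpartition(".")
    if not sep or not payload:
        return None  # plain value such as 'blah': no tag, so not trusted
    try:
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode("ascii"), tag.encode("ascii")):
            return None
        return base64.urlsafe_b64decode(payload).decode("utf-8")
    except ValueError:  # also covers non-ASCII input and bad base64
        return None


def parse_cookie_header(header: str) -> dict:
    """Split a 'Cookie:' header value into a name -> value dict."""
    pairs = (item.strip().partition("=") for item in header.split(";"))
    return {name: value for name, _, value in pairs if name}


def sender_for_contact_form(cookie_header: str, form: dict):
    """Identity comes from the verified cookie only; form['user'] is never read."""
    cookies = parse_cookie_header(cookie_header)
    return verify_cookie(cookies.get("Auth", ""))


if __name__ == "__main__":
    # Constructed sample requests: the old plaintext cookie, then a signed one.
    print(sender_for_contact_form("Username=blah; Code=TUOEH", {"user": "blah"}))
    print(sender_for_contact_form("Auth=" + issue_cookie("blah"), {"user": "admin"}))
```

The first request prints None because nothing in it is verifiable; the second prints blah even though the hidden field claims a different user.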
Thanks for the help!
Quote:
Originally Posted by Memnoch1207
I'm working on overhauling the entire site right now, and will definitely work those tips into the new design...
Much appreciated!