Date: Tue, 6 Sep 2011 06:49:22 +0300
From: George Girtsou <ggirtsou@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Site Vulnerabilities: myexgf.com

Site Vulnerabilities: myexgf.com

- Cross Site Scripting
This vulnerability affects /cgi-bin/te/o.cgi.

The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into
a vulnerable application to fool a user in order to gather data from them.
An attacker can steal the session cookie and take over the account,
impersonating the user. It is also possible to modify the content of the
page presented to the user.

Attack details
The GET variable s has been set to <script>alert(507691789232)</script>.

- CRLF injection/HTTP response splitting
Affected items
/cgi-bin/te/o.cgi
The impact of this vulnerability
It is possible for a remote attacker to inject custom HTTP headers. For
example, an attacker can inject session cookies or HTML code. This may
lead to vulnerabilities like XSS (cross-site scripting) or session
fixation.

How to fix this vulnerability
You need to strip CR (decimal 13, 0x0D) and LF (decimal 10, 0x0A) from the
user input, or properly encode the output, in order to prevent the injection
of custom HTTP headers.


- SSL 2.0 deprecated protocol
Affected items
Server
The impact of this vulnerability
An attacker may be able to exploit these issues to conduct man-in-the-middle
attacks or decrypt communications between the affected service and clients.


How to fix this vulnerability
Disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.

- SSL certificate invalid date
Affected items : Server
The impact of this vulnerability
The SSL certificate is not valid.

How to fix this vulnerability
Please verify your certificate's validity period and, if necessary, regenerate
the certificate.

- Cookie manipulation
The impact of this vulnerability
By exploiting this vulnerability, an attacker may conduct a session fixation
attack. In a session fixation attack, the attacker fixes the user's session
ID before the user even logs into the target server, thereby eliminating the
need to obtain the user's session ID afterwards.

How to fix this vulnerability
You need to filter the output in order to prevent the injection of custom
HTTP headers or META tags. Additionally, with each login the application
should provide a new session ID to the user.

- User credentials are sent in clear text
Affected items
/videos/user.php

- Apache server-status enabled
Affected items : Web Server
The impact of this vulnerability
Information disclosure.

How to fix this vulnerability
Disable this functionality if not required. Comment out the <Location
/server-status> section from httpd.conf.

- TRACE Method Enabled
Affected items
Web Server
The impact of this vulnerability
Attackers may abuse HTTP TRACE functionality to gain access to information
in HTTP headers such as cookies and authentication data.

How to fix this vulnerability
Disable TRACE Method on the web server.

- URL redirection
Affected items
/cgi-bin/at3/out.cgi
The impact of this vulnerability
A remote attacker can redirect users from your website to a URL of their
choosing. This problem may assist an attacker in conducting phishing attacks,
trojan distribution or spam campaigns.

How to fix this vulnerability
Your script should properly sanitize user input.

- Password type input with autocomplete enabled
Affected items
/videos/user.php

How to fix this vulnerability
The password autocomplete should be disabled in sensitive applications.
To disable autocomplete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">

---------------------------------------------------------------------------------


List of open TCP ports
Description
There are 10 open TCP ports on the remote host.

Port 21 - [ftp] is open.
--------------------------------------------------------------------------------


Port 25 - [smtp] is open.
Port banner:

220 plainstrider.amerinoc.com ESMTP Exim 4.69 Fri, 26 Aug 2011 18:00:20 -0700

--------------------------------------------------------------------------------


Port 53 - [domain] is open.
--------------------------------------------------------------------------------


Port 80 - [http] is open.
Port banner:

HTTP/1.1 200 OK
Date: Sat, 27 Aug 2011 01:02:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html

--------------------------------------------------------------------------------


Port 110 - [pop3] is open.
Port banner:

+OK Dovecot DA ready.

--------------------------------------------------------------------------------


Port 143 - [imap] is open.
Port banner:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
STARTTLS AUTH=PLAIN] Dovecot DA ready.

--------------------------------------------------------------------------------


Port 443 - [https] is open.
Port banner:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL ...

--------------------------------------------------------------------------------


Port 587 - [submission] is open.
Port banner:

220 plainstrider.amerinoc.com ESMTP Exim 4.69 Fri, 26 Aug 2011 18:16:26 -0700

--------------------------------------------------------------------------------


Port 993 - [imaps] is open.

--------------------------------------------------------------------------------


Port 995 - [pop3s] is open.

