Untitled

a guest
Apr 29th, 2017
ON http://iflamme.com/ :

VULNERABLE JAVASCRIPT LIBRARY
- Your JavaScript library is version 1.8.2, and it is definitely NOT UP TO DATE

- IMPACT vulnerability : LOW (can lead to XSS, including stored XSS, to CSRF, and to malicious use of deprecated JavaScript functions)
- ATTACKER LEVEL : HIGH
- FIX : Update your JS library



ON http://new.iflamme.com/ :

REDIRECTION WITHOUT SESSION CHECKING :

These paths are accessible without session checking, which is dangerous if someone gets access to an account and changes their session ID (SSID):

/account
/account/corder
/account/password
/account/info

- IMPACT vulnerability : MEDIUM/HIGH (can lead to session hijacking, which is really common in security)
- ATTACKER LEVEL : MEDIUM/EXPERT
- FIX : every time you let someone access a page, you need to :

<?php
session_start();                      // the session must be started before $_SESSION can be read
if (!isset($_SESSION['auth'])) {      // <---------------- not "connected" or something else between quotes
    header("Location: auth.php");
    exit();                           // <------------- stop here, otherwise the rest of the page is still sent
}


2ND VULNERABILITY:

MULTIPLE XSS ON THE WEBSITE :

/foot
/foot/index
/news
/news/index

Those paths contain XSS; you already know what an XSS can lead to, even if it is not stored (CSRF vulnerability, XXE, LFI, server-side template injection).
It always depends on what is running behind, but it is never, never good to leave XSS on a website, and it is really easy to get rid of it.

- IMPACT : MEDIUM
- ATTACKER LEVEL : beginner
- FIX : Escape ALL the unwanted characters in the forms you are using, the GET/POST parameters & everything else that the user can write into

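As an added illustration of the fix above (example code, not taken from the report or from the site it describes), here is a hypothetical /news search handler that reflects a GET parameter unescaped, next to the same handler with output escaping applied. The parameter name "q" and the page layout are assumptions.

```php
<?php
// Added example, not code from the report or the site. The page, the "q"
// parameter and the markup are constructed for illustration only.
declare(strict_types=1);

// Escape a user-controlled value for HTML body and attribute context.
// ENT_QUOTES also escapes single quotes, so the result is safe inside
// value='...' as well as value="...". The charset must match the page's.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// VULNERABLE: the raw parameter is written into an attribute and into the
// body, so any markup the user sends is parsed as part of the page.
function render_search_vulnerable(string $q): string
{
    return '<form action="/news" method="get">'
         . '<input name="q" value="' . $q . '">'
         . '</form><p>Results for ' . $q . '</p>';
}

// FIXED: the same page, with every user-controlled value escaped at the
// point of output. The same esc() call applies to $_POST values and to
// anything read back from the database that a user once typed in.
function render_search_fixed(string $q): string
{
    $safe = esc($q);
    return '<form action="/news" method="get">'
         . '<input name="q" value="' . $safe . '">'
         . '</form><p>Results for ' . $safe . '</p>';
}

// Declare the charset explicitly so the browser and htmlspecialchars agree.
header('Content-Type: text/html; charset=UTF-8');

// Constructed input containing markup, standing in for what a tester would
// submit; with the fixed renderer it is shown as literal text, not parsed.
$q = $_GET['q'] ?? '"><b>bold</b>';

echo render_search_fixed($q);
```

Escaping is context-dependent: htmlspecialchars() is the right tool for HTML body and attribute values, while a value placed inside a script block or a URL needs the escaping of that context instead.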
3RD VULNERABILITY :


http://2.haxro.fr/dperk/Bountys/pocpass.html

;) ;) ;) ;) <3



4TH VULNERABILITY :::

http://2.haxro.fr/dperk/Bountys/PoCSqliIgMaxe.php


___________


ON http://igmaxe.com/ :

VULNERABLE JAVASCRIPT LIBRARY
- Your JavaScript library is version 1.8.2, and it is definitely NOT UP TO DATE

- IMPACT vulnerability : LOW (can lead to XSS, including stored XSS, to CSRF, and to malicious use of deprecated JavaScript functions)
- ATTACKER LEVEL : HIGH
- FIX : Update your JS library





------------ OVERALL TIPS--------------

----- You need HTTPS, for many reasons, but the most important one is that users will trust your website with HTTPS enabled. I know implementing HTTPS can be a bit tricky, but it also protects you on the server side: an attacker who gets access to the server can, for example, listen on its ports and capture all the traffic of your users & yours (credit cards & passwords), so it will protect you even more.

----- Change your password if you fear something; use something strong, really. MAKE SURE THAT NO APPLICATION (API, test server) HAS A DEFAULT PASSWORD ON IT. Also, all the users you are using on your server MUST HAVE RESTRICTED RIGHTS: you can't give full sudo rights to a user which only hosts the MySQL server, for example. DELETE THE OLD AND UNNEEDED USERS, DO NOT LOG IN ON THE SERVER WITH A PASSWORD, USE ONLY SSH KEYS; NO USER ON YOUR SERVER SHOULD HAVE PASSWORD LOGIN ENABLED.

----- DO YOUR TESTS (migration, new website) ON ANOTHER DOMAIN NAME. new.iflamme.com is BAD: since it is under construction, it has vulnerabilities. Get another DNS name and do your tests on it, and not on the same server that hosts the database (BDD) & the iflamme website.

----- If you have any question (protection, prevention, DDoS or other), feel free to ask me on Skype.



