Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- This a breakdown of your site the way I see it. I tried to simplify it so you can understand it. I look foward to working with you in the future.
- URL: www.rasfarmusa.com
- I got this:
- User: rasfarm1_cart
- password: qq132456 table: rasfarm1_cart
- Port: 3306
- Host: Bluehost
- (Shouldn't of been that easy)
- List of things site is vulnerable to:
- SQL Injection
- Blind SQL Injection
- XSS Injection
- LFI
- RFI
- SQL Injections:
- /index.php?route=product/category&path=11'"
- /index.php?route=product/product&product_id=91'"
- /index.php?route=product/category'"&path=11
- Port Scan Results:
- FTP Port 20 is Closed
- FTP Port 21 is Open
- SSH 22 Port is Open
- TelNet Port 23 is Closed
- SMTP port 25 is open
- DNS Port 53 is Open
- HTTP Port 80 is Open
- Port HTTP-ALT 81 is Closed
- Puerto POP3 110 is Open
- NetBios 139 port is closed
- LDAP Port 389 is Closed
- HTTPS (SSL) Port 443 is Open
- SQL Server 1433 Port is Closed
- Puerto Cpanel 2082 is Open
- MYSQL 3306 Port is Closed
- HTTP-ALT 8080 Port is Open
- My Recommendations:
- Your site is great and it looks decent. It just could use a few addons and some help with the security issues it has. I found it was vulnrable to SQL Injections. It looks like your site is using an SQL database and the Database management of an SQL Database is done with PHP. The actual database is an SQL database, but websites interact with databases using PHP and Php could mean the site is Vulnerable to SQL Injection but that is only an issue If proper measures aren't put into place, it can be and In this case proper measures were not put into place. Basicly It's the code that runs the actual site, It manages databases, actions etc. and the PHP runs the whole backend of a site. One thing I tried was putting an apostrophe in the URL and password input to see if there is an Error and there definitely was. you will find that If the domain name isnt vulnerable to SQL Injections that means every file path of the domain probably isn't vulnerable, but in this case the domain name is vulnrable to SQL Injection and that is a huge Security risk. With SQL Injections hackers can obtain information like user information, company information, credit card info and more and that is a huge Security risk. Also since your site is being hosted on Bluehost it is an even bigger risk. I reccomend you find new place to host it due to allot of hackers targeting bluehost sites. Also you need Restrict your Whois so when someone does a Whois lookup they can not get your information.
- your site is also vulnrable to XSS Injection and that is also a big risk. It makes it pretty easy for hackers to take down your site. you also need to take care of the fact that is is vulnrable to LFI and RFI that also puts it at a big risk. Though it would take a considerable amount of time and effort to repair your site due to the fact that it is harder to deal with that stuff in this stage, usually it is best to handle this stuff in the early stages but since I assume it wasn't detected it wasn't dectected. I think I can help it will take a while and be a lot of work but this is a big issue. I highly recommend we fix the security issues before adding anything else to the site so it won't be even harder to fix. I am also happy to help improve the site features and add things but after the security is delt with.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement