Hey everyone! A friend of mine has been working on a website that uses databases and utilizes php to access those databases. He recently asked me if I could try to exploit the website in search of vulnerabilities. Chances are there are many, as he is no security expert. I am doing this simply as a favor, and was wondering if anyone was interested in helping me. The objective is NOT to gain unauthorized access to anything, but to show vulnerabilities and fix the code. I personally do not have very much time to look through the website with the current workload of schoolwork. If anyone is interested in helping me, feel free to PM me. Thanks.
September 16th, 2010, 04:00 PM
That I do. Post the link.
September 17th, 2010, 12:25 AM
Remember spec, no defacement! You got that? haha
September 17th, 2010, 01:04 AM
hahaha... A good way of testing it for common vulnerabilities might be to use an automated tool such as W3AF. It is integrated in the Samurai live cd. Run a scan against it, and it will look for common XSS and CSRF attacks among others.
September 17th, 2010, 01:44 PM
Remember that many vulnerabilities in code depend on the server configuration to be exploited (remote file inclusion, etc). Changing from a development to a production environment needs to take these things into account.
There are numerous heuristic XSS and SQL injection attacks that can tell you if something is vulnerable without neccessarily being able to exploit it. If you can sneak ' through input sanitization, even though it doesn't accomplish anything on it's own, it means you're vulnerable.
I've got some time coming up and I'd be happy to give a once over, although I doubt I am up to Spec's standards.
September 17th, 2010, 02:23 PM
Thanks guys, I'll list the website once I get the OK from my friend to start "pwning some n00bs :cool:". Haha, I just couldn't help myself. :D :rolleyes:
September 22nd, 2010, 03:54 AM
Hey guys, don't forget to check your PMs.
September 22nd, 2010, 06:13 PM
Here is a good cheat sheet I use to test to see if there may be a vuln.
The login page adds slashes to prevent sql injection. But there is no use for it. You can completely skip the login and move onto the welcome page. The other scripts don't actually check if your logged in at all.
The really vulnerable stuff was removed. He had other scripts there used to maintain the actual site. Apache and the kernel in itself hasn't been touched since '04.
This site looks like it was built by a tea party member... in other words its epic FAIL.
September 23rd, 2010, 05:48 AM
Yeah, I would agree. I was able to bypass the login with no trouble at all. [In fact, the first time I did, it was by accident] The whole thing is riddled with XSS vulns.