Website Security

**CT2600** · December 9th, 2003, 03:34 AM

Can anyone check the website I just did for the lady down the street and tell me if there is anything wrong with it? I used PayPal & FatCow so it should be secure.

I give you permission to review anything on the site/coding, but its hosted by FatCow and Shopping through PayPal and if you mess with any of that it doesn't belong to me.

www.teamsplus.net

**riya_here** · December 9th, 2003, 03:49 AM

nice website...
u can use a better colour combination if u want...
overall, nice one!!!

**creative_32X_mx** · December 9th, 2003, 04:25 AM

hey,CT.
I found one weakness so far..check your ftp you should take a closer look at it, as i was able to upload and download files to and from the site.
If you want the exact details then sh00t me a PM i'd be more then happy to help you patch it up..

Other then that nice little site although it did take a while for the index.html page to fully load up, but other then that it looks good.

cheers
creative

**Alt_Ctrl_Delete** · December 9th, 2003, 10:25 AM

I've also found a weakness in your Source code, found something that could be used to gain "Root"..
I will PM you with the details..

Other then that nice layout, the green is a bit hard on the eyes..But excellent Work...

Stacy

***Striek*** · December 9th, 2003, 10:34 AM

I'll apologize in advance if I offend anyone.

Nobody should be giving out methods to gain root here, or explaining any other way to break this site. There absolutely *N0* guarantee that this person is actually the web site designer. I know if I wanted to hack a site, this is the form of social engineering I would use.

If it's possible to patch these holes without explaining how to exploit them, more pwer to you, but you're pretty naive if you trust that this person is actually the designer and that his/her intentions are good. What proof do you have?

We should all be a little more careful than this.

**creative_32X_mx** · December 9th, 2003, 10:58 AM

striek. I thought about that, but in the PM that CT sent me, he asked me to send all info that i gathered TO the web masters emeail on the site..
So it all looks legit to me..
I know that he shoulda coulda worded he's question i little bit better, but i've made sure that this is the person whom made/ownes the site..
Well i am currently talking to him through PM as to how he or she can fix the problem.
Not how to exploit the problem..

anyhow cheers
creative

***el-half*** · December 9th, 2003, 11:40 AM

/me goes out and defaces www.teamsplus.net muhahaha lol

EDIT: found some vulns, will pm details

**CT2600** · December 9th, 2003, 01:07 PM

Okay, I built the website on her Windows XP system and My Windows 2000 system. Software used is HTML and Microsoft FrontPage. I tried a few of the methods you mentioned and it gives me (no anon logons).

We are PRIMARILY concerned about the shopping section, but I really want to fix the access problem. If anyone can help me patch up the security problems it would be great.

**CT2600** · December 9th, 2003, 06:39 PM

I'm confused.. I got this feedback, but isn't this what I am trying to do? and what does the red dot mean? Is it urgent? Is there a fix attached?

**CT2600** · December 9th, 2003, 07:08 PM

Originally posted here by Alt_Ctrl_Delete
I've also found a weakness in your Source code, found something that could be used to gain "Root"..
I will PM you with the details..

Other then that nice layout, the green is a bit hard on the eyes..But excellent Work...

Stacy

From what I hear, that was not a PM is was a negative antipoint and there was no information attached? Do you have something to assist or are you just mean to new comers?

Thread: Website Security

Thread Tools

Display

Website Security

Posting Permissions