Full Disclosure mailing list archives
Site Vulnerabilities: myexgf.com
From: George Girtsou <ggirtsou () gmail com>
Date: Tue, 6 Sep 2011 06:49:22 +0300
Site Vulnerabilities: myexgf.com

- Cross Site Scripting

  This vulnerability affects /cgi-bin/te/o.cgi.

  The impact of this vulnerability
  Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

  Attack details
  The GET variable s has been set to <script>alert(507691789232)</script>.

- CRLF injection/HTTP response splitting

  Affected items
  /cgi-bin/te/o.cgi

  The impact of this vulnerability
  It is possible for a remote attacker to inject custom HTTP headers. For example, an attacker can inject session cookies or HTML code. This may lead to vulnerabilities like XSS (cross-site scripting) or session fixation.

  How to fix this vulnerability
  You need to restrict CR(0x13) and LF(0x10) from the user input or properly encode the output in order to prevent the injection of custom HTTP headers.

- SSL 2.0 deprecated protocol

  Affected items
  Server

  The impact of this vulnerability
  An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.

  How to fix this vulnerability
  Disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.

- SSL certificate invalid date

  Affected items
  Server

  The impact of this vulnerability
  The SSL certificate is not valid.

  How to fix this vulnerability
  Please verify your certificate validity period and, if necessary, regenerate the certificate.

- Cookie manipulation

  The impact of this vulnerability
  By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

  How to fix this vulnerability
  You need to filter the output in order to prevent the injection of custom HTTP headers or META tags. Additionally, with each login the application should provide a new session ID to the user.

- User credentials are sent in clear text

  Affected items
  /videos/user.php

- Apache server-status enabled

  Affected items
  Web Server

  The impact of this vulnerability
  Information disclosure.

  How to fix this vulnerability
  Disable this functionality if not required. Comment out the <Location /server-status> section from httpd.conf.

- TRACE Method Enabled

  Affected items
  Web Server

  The impact of this vulnerability
  Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

  How to fix this vulnerability
  Disable the TRACE method on the web server.

- URL redirection

  Affected items
  /cgi-bin/at3/out.cgi

  The impact of this vulnerability
  A remote attacker can redirect users from your website to a specified URL. This problem may assist an attacker in conducting phishing attacks, trojan distribution or spamming.

  How to fix this vulnerability
  Your script should properly sanitize user input.

- Password type input with autocomplete enabled

  Affected items
  /videos/user.php

  How to fix this vulnerability
  The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use code similar to:
  <INPUT TYPE="password" AUTOCOMPLETE="off">

---------------------------------------------------------------------------------
List of open TCP ports

Description
There are 10 open TCP ports on the remote host.

Port 21 - [ftp] is open.
--------------------------------------------------------------------------------
Port 25 - [smtp] is open.
Port banner:
220 plainstrider.amerinoc.com ESMTP Exim 4.69 Fri, 26 Aug 2011 18:00:20 -0700
--------------------------------------------------------------------------------
Port 53 - [domain] is open.
--------------------------------------------------------------------------------
Port 80 - [http] is open.
Port banner:
HTTP/1.1 200 OK
Date: Sat, 27 Aug 2011 01:02:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Connection: close
Content-Type: text/html
--------------------------------------------------------------------------------
Port 110 - [pop3] is open.
Port banner:
+OK Dovecot DA ready.
--------------------------------------------------------------------------------
Port 143 - [imap] is open.
Port banner:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN] Dovecot DA ready.
--------------------------------------------------------------------------------
Port 443 - [https] is open.
Port banner:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL ...
--------------------------------------------------------------------------------
Port 587 - [submission] is open.
Port banner:
220 plainstrider.amerinoc.com ESMTP Exim 4.69 Fri, 26 Aug 2011 18:16:26 -0700
--------------------------------------------------------------------------------
Port 993 - [imaps] is open.
--------------------------------------------------------------------------------
Port 995 - [pop3s] is open.