Well, the owner made a choice to Ignore the security holes & Vulnerabilities, so here we go.
SQL Injections"NOTE! Security issue like this can allow an attacker to gain access to your MySQL Database, and access private information."URL:
http://tomygame.com/index.phpThere are total of
23 holes which allows an attacker to access Database. I wont list them all.
$_GET Method:If you send this data:
view=profileview&viewuser=%5cYou will get an error:
If you send this data:
/bannerclick.php?id=You will get an error:
$_POST Method:Send POST Data to this URL:
/index.php?action=login&rid=41903324&&view=loginDATA to send:
form_pwd=1&form_user=%5c&routing_code=94102This means the web-site is completely unprotected from SQL Injections. Some1 already might have your username, passwords, and emails.
Directory Listing & Shell UploadFirst of all, the server is configured in a wrong way, which allows anyone to browse all the files in any folder, which in most cases will reveal some sort of sensitive information. For example:
http://tomygame.com/blogs/http://tomygame.com/ads/This one is more interesting:http://tomygame.com/members/avatar/This is where user avatar files goes, when some1 upload one. Since EVERYONE can access this folder, an attacker can upload a file of his choice masked as avatar, and then just open this folder in browser, and launch the file. If you check this folder now, you will notice
some1 already have done it.
These was only the MAJOR Problems, there are many other - minor bugs and problems, which I wont bother listing.Sorry for the long report,
Thank you,
Devsoft™.
