🏰 TradeFortress 🏰
June 28, 2013, 05:20:24 PM
I did some light testing on your site. I was able to register as the username admin.

You are running: Apache/2.2.16 (Debian) Server at www.lendmecoin.com Port 80
This version is vulnerable. http://httpd.apache.org/security/vulnerabilities_22.html

You also have some XSS vulnerabilities:

Another one would be that you have been logged out of lendmecoin.
bombartier357 (OP)
June 28, 2013, 08:11:49 PM
Yes, I did notice that you were able to register as the admin. I will be solving the XSS security issues sometime today after I get home from work. Thank you for pointing out the vulnerabilities of the Apache version that I am currently using. I will visit your link sometime this weekend and get anything that I have missed sorted out. Thanks again for all the help.
bombartier357 (OP)
June 29, 2013, 01:39:01 PM
Fixed XSS errors and added encrypted session hashing.
Working on SSL now. Need to get my validation done and I will get it up and running shortly.
vlees
June 29, 2013, 01:44:22 PM
I have no idea what I am looking at. I think some malformed database or query is the source, but I hope what I am seeing is not normal:
BEEP BEP
bombartier357 (OP)
June 29, 2013, 04:39:19 PM
> I have no idea what I am looking at. I think some malformed database or query is the source, but I hope what I am seeing is not normal:

What is your user name? If you do not use a common user name, it may be perceived as an attempt to penetrate the system, and then you will not be able to log in. I see the most recent user that registered is named "."
vlees
June 29, 2013, 05:00:22 PM
I am able to login and my username is "'"
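An added example, not code from this thread or from lendmecoin (Python, with a constructed in-memory SQLite table and an assumed username policy): the registration check that would have refused both the "admin" account TradeFortress registered and a username consisting of a lone quote, beside the parameterised lookup that handles such a name without producing a malformed query.

```python
import re
import sqlite3

# Constructed example: an in-memory SQLite table stands in for the site's user store.
RESERVED_USERNAMES = {"admin", "administrator", "root"}
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")  # assumed policy, not the site's

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL)")
    return conn

def validate_username(name):
    if not USERNAME_RE.match(name):          # refuses "'" and "." before they reach SQL
        return "username must be 3-32 characters: letters, digits, '_', '.', '-'"
    if name.lower() in RESERVED_USERNAMES:   # refuses "admin" at registration time
        return "username is reserved"
    return None                              # acceptable

def register(conn, name):
    err = validate_username(name)
    if err:
        return False, err
    try:
        conn.execute("INSERT INTO users (username) VALUES (?)", (name,))
    except sqlite3.IntegrityError:
        return False, "username already taken"
    return True, "ok"

def lookup_unsafe(conn, name):
    # String concatenation: a username of "'" yields  username = '''  which is not valid SQL.
    return conn.execute("SELECT id FROM users WHERE username = '" + name + "'").fetchone()

def lookup_safe(conn, name):
    # Parameterised query: the driver passes "'" as data, never as SQL syntax.
    return conn.execute("SELECT id FROM users WHERE username = ?", (name,)).fetchone()

def demo():
    conn = open_db()
    out = {"admin": register(conn, "admin"), "quote": register(conn, "'"),
           "alice": register(conn, "alice")}
    conn.execute("INSERT INTO users (username) VALUES (?)", ("'",))  # row stored before validation
    try:
        lookup_unsafe(conn, "'")
        out["unsafe"] = "no error"
    except sqlite3.OperationalError:
        out["unsafe"] = "malformed query"
    out["safe"] = lookup_safe(conn, "'") is not None
    return out
```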
bombartier357 (OP)
June 29, 2013, 05:33:15 PM
I really hope for your own sake that you learn from this lesson and close this site before you get burned for real. It's not just "I'll fix these bugs and it'll be ok". Trust me, there are more of them.
Come back after 2 years with enough experience to make this work.
Actually, why do I even bother about you? Some people just have to learn the hard way. J.R.R. Tolkien - "The burned hand teaches best. After that, advice about fire goes to the heart."
"Look before you leap for as you sow, ye are like to reap." Samuel Butler
bombartier357 (OP)
June 29, 2013, 05:36:10 PM
> I am able to login and my username is "'"

Did you try recently? I am trying to pull up your profile and it kicks me out.
vlees
June 29, 2013, 08:22:57 PM
> > I am able to login and my username is "'"
> Did you try recently? I am trying to pull up your profile and it kicks me out.

Apparently you deleted my profile now...
bombartier357 (OP)
June 29, 2013, 10:11:35 PM
> > > I am able to login and my username is "'"
> > Did you try recently? I am trying to pull up your profile and it kicks me out.
> Apparently you deleted my profile now...

Nope, you are still in there. I can change your user name if you like....
acs26
June 29, 2013, 11:59:26 PM
Seems like some serious bugs or glitches. Can't log in. I guess it's because I registered from another computer/IP.
bombartier357 (OP)
June 30, 2013, 12:19:23 AM
> Seems like some serious bugs or glitches. Can't log in. I guess it's because I registered from another computer/IP.

Yeah, if you give me your IP I can add it to my whitelist if you like.
vlees
June 30, 2013, 09:29:17 AM
> > Seems like some serious bugs or glitches. Can't log in. I guess it's because I registered from another computer/IP.
> Yeah, if you give me your IP I can add it to my whitelist if you like.

Oh, that's why I couldn't log in. You do know some people have dynamic IPs that change up to once an hour, right?
bombartier357 (OP)
June 30, 2013, 01:40:13 PM
> > > Seems like some serious bugs or glitches. Can't log in. I guess it's because I registered from another computer/IP.
> > Yeah, if you give me your IP I can add it to my whitelist if you like.
> Oh, that's why I couldn't log in. You do know some people have dynamic IPs that change up to once an hour, right?

Yes, I know. It is for security. I should probably put some kind of message to the user when this happens so people are not scratching their heads...