Author Topic: Lending Website  (Read 1488 times)
🏰 TradeFortress 🏰
June 28, 2013, 05:20:24 PM
 #21

I did some light testing on your site.

I was able to register as the username admin.

You are running:
Apache/2.2.16 (Debian) Server at www.lendmecoin.com Port 80

This version is vulnerable.
http://httpd.apache.org/security/vulnerabilities_22.html

You also have some XSS vulnerabilities:



Another one would be that you have been logged out of lendmecoin.

bombartier357 (OP)
June 28, 2013, 08:11:49 PM
 #22

I did some light testing on your site.

I was able to register as the username admin.

You are running:
Apache/2.2.16 (Debian) Server at www.lendmecoin.com Port 80

This version is vulnerable.
http://httpd.apache.org/security/vulnerabilities_22.html

You also have some XSS vulnerabilities:



Another one would be that you have been logged out of lendmecoin.



Yes I did notice that you were able to register as the admin.  I will be solving XSS security issues sometime today after I get home from work.

Thank you for pointing out the vulnerabilities of the Apache that I am currently using.  I will visit your link sometime this weekend and get anything that I have missed sorted out.

Thanks again for all the help.
bombartier357 (OP)
June 29, 2013, 01:39:01 PM
 #23

Fixed XSS errors and added encrypted session hashing.

Working on SSL now.  Need to get my validation done and I will get it up and running shortly.
vlees
June 29, 2013, 01:44:22 PM
 #24

I have no idea what I am looking at.

I think some malformed database or query is the source but I hope this is not normal what I am seeing:

BEEP BEP
bombartier357 (OP)
June 29, 2013, 04:39:19 PM
 #25

I have no idea what I am looking at.

I think some malformed database or query is the source but I hope this is not normal what I am seeing:


What is your user name?  If you do not use a common user name, which may be perceived as an attempt to penetrate the system, then you will not be able to log in.

I see the most recent user that registered is named "."
vlees
June 29, 2013, 05:00:22 PM
 #26

I am able to login and my username is "'"

BEEP BEP
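
Posts #21 and #24 to #26 report that "admin" could be registered and that a single-quote username led to what looked like a malformed query. As an added example (not code from the site or from any poster), the sketch below contrasts a concatenated lookup with a parameterized one and refuses reserved names at registration. The `users` table, the `RESERVED` list and all function names are assumptions, and Python's `sqlite3` stands in for whatever database the site used.

```python
import sqlite3

# Hypothetical policy: names a site should never hand out to the public.
RESERVED = {"admin", "administrator", "root", "support"}

def make_db():
    # Constructed in-memory table standing in for the site's user store.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    return db

def lookup_concat(db, name):
    # 'Before' form: user input pasted straight into the SQL text.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchone()

def lookup_param(db, name):
    # Hardened form: the driver passes the value separately from the SQL.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()

def register(db, name, pw_hash):
    # Normalise before the reserved-name check so "Admin " is refused too.
    cleaned = name.strip().casefold()
    if not cleaned or cleaned in RESERVED:
        return False
    try:
        db.execute("INSERT INTO users (name, pw_hash) VALUES (?, ?)", (name, pw_hash))
    except sqlite3.IntegrityError:
        return False  # name already taken
    return True

def demo():
    db = make_db()
    results = {
        "admin_registered": register(db, "Admin", "placeholder-hash"),
        "quote_registered": register(db, "'", "placeholder-hash"),
    }
    try:
        lookup_concat(db, "'")
        results["concat_ok"] = True
    except sqlite3.OperationalError:
        results["concat_ok"] = False  # the quote left the SQL text malformed
    results["param_row"] = lookup_param(db, "'")
    return results

if __name__ == "__main__":
    print(demo())
```
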
bombartier357 (OP)
June 29, 2013, 05:33:15 PM
 #27

I really hope for your own sake that you learn from this lesson and close this site before you get burned for real.
It's not just "I'll fix these bugs and it'll be ok". Trust me, there are more of them.

Come back after 2 years with enough experience to make this work.

Actually, why do I even bother about you? Some people just have to learn the hard way.
J.R.R. Tolkien - "The burned hand teaches best. After that, advice about fire goes to the heart."

"Look before you leap for as you sow, ye are like to reap."
Samuel Butler
bombartier357 (OP)
June 29, 2013, 05:36:10 PM
 #28

I am able to login and my username is "'"

Did you try recently?  I am trying to pull up your profile and it kicks me out.
vlees
June 29, 2013, 08:22:57 PM
 #29

I am able to login and my username is "'"

Did you try recently?  I am trying to pull up your profile and it kicks me out.

Apparently you deleted my profile now...

BEEP BEP
bombartier357 (OP)
June 29, 2013, 10:11:35 PM
 #30

I am able to login and my username is "'"

Did you try recently?  I am trying to pull up your profile and it kicks me out.

Apparently you deleted my profile now...

Nope you are still in there.  I can change your user name if you like....
acs26
Guest

June 29, 2013, 11:59:26 PM
 #31

Seems like some serious bugs, or glitches. Can't log-in. I guess it's because I registered from another computer/IP.
bombartier357 (OP)
June 30, 2013, 12:19:23 AM
 #32

Seems like some serious bugs, or glitches. Can't log-in. I guess it's because I registered from another computer/IP.

Yeah, if you give me your ip I can add it to my white list if you like.
vlees
June 30, 2013, 09:29:17 AM
 #33

Seems like some serious bugs, or glitches. Can't log-in. I guess it's because I registered from another computer/IP.

Yeah, if you give me your ip I can add it to my white list if you like.

Oh, that's why I couldn't log in.

You do know some people have dynamic IP's that change up to once an hour, right?

BEEP BEP
bombartier357 (OP)
June 30, 2013, 01:40:13 PM
 #34

Seems like some serious bugs, or glitches. Can't log-in. I guess it's because I registered from another computer/IP.

Yeah, if you give me your ip I can add it to my white list if you like.

Oh, that's why I couldn't log in.

You do know some people have dynamic IP's that change up to once an hour, right?

Yes I know.  It is for security.  I should probably put some kind of message to the user when this happens so people are not scratching their heads...