learning php

p99 · Post by **p99** » 28 Jul 2007, 00:06

Hey I know this site looks like shit but whatever check it out.

I especially like my cbox I created. I'm still not finished but I love it.
I am eventually going to do some more things but for now it's good how it is.
Try to exploit something. Don't ddos it or any lame crap (you'd have hell to pay from my isp) please.

But yeah my weakest point to exploitation is probably the cbox as it allows immediate display of input. But I've got a decent filter so have at it. I'm going to back everything up and if you do find a vulnerability PM me it. If you get into the server please leave it intact. It is my mom's computer and I don't want bad things happening as I just re-installed.

Anyways here it is: http://68.166.14.189
The register link is below the login.

bubzuru · Post by **bubzuru** » 28 Jul 2007, 00:52

i cant exploit your site but i know this
your running on windows
you have apache 2.2.4
php 5.2.3
symantec solaris 8 firewall

question :

do you have black ice
have you run netbus sub7 lor bo2k lately ?
wots net prowler

p99 · Post by **p99** » 28 Jul 2007, 01:50

Well apache and php were correct....

I haven't run any viruses/trojans because I don't take to skiddy tactics.

And what's that about net prowler?

bubzuru · Post by **bubzuru** » 28 Jul 2007, 04:36

nmap found alot ov open ports
and one ov them was netprowler

Post by **ayu** » 28 Jul 2007, 05:41

I tried:

XSS on your "view" page and your logout page. I also tried to simply inject html/php in your guestbook. Also tried to spam it...and as a last test i tried to inject SQL using your login, no luck there either

Seems pretty safe ^^

p99 · Post by **p99** » 28 Jul 2007, 08:30

spamming it works but due to someone showing me they would find the character limit I had to decrease it by 3. Untill at least I figure out how to split it up into rows. But right now it's like 100 chars.

Eventually i'm going to put a restraint on user-ip, and post-ip. My next big project are forums :-p.

Post by **bad_brain** » 28 Jul 2007, 14:16

did some scans, and yes, it's secure so far...

but well, one or two little things you can/should do to make information gathering more difficult:

in httpd.conf look for ServerTokens and set it to

Code: Select all

ServerTokens Prod

this will keep apache away from displaying it's version number on error pages or when being scanned.

in php.ini look for expose php and set it to 0 (default is 1), this keeps PHP away from displaying its version number.

p99 · Post by **p99** » 28 Jul 2007, 20:24

Well I found expose_php = on. Do I just change it to off? And the tokesn thing did not exist so I added it. Let me know if it changed anything with apache.

Post by **bad_brain** » 30 Jul 2007, 13:32

alright, no server version is displayed anymore:

Code: Select all

HTTP/1.1 200 OK
Date: Mon, 30 Jul 2007 19:32:20 GMT
Server: Apache

and yes, simply change it to "off", it'll make this part disappear:

Code: Select all

X-Powered-By: PHP/x.x.x