Page 1 of 2
First major Site..
Posted: Fri Feb 03, 2006 12:00 am
by Zoxive
[Posted under old name]
Posted: Fri Feb 03, 2006 12:18 am
by josh
Posted: Fri Feb 03, 2006 12:20 am
by Zoxive
What's this?
Never heard of it.. too bad I can't fix it... the due date was the 1st..
-NSF
Posted: Fri Feb 03, 2006 12:29 am
by josh
Cross-site scripting.
It means I can log in as the admin if I get you to load a specially constructed URL; if you were logged in as the admin, it could cause JavaScript to send me your login cookie.
Posted: Fri Feb 03, 2006 12:34 am
by Zoxive
jshpro2 wrote:
Cross-site scripting.
It means I can log in as the admin if I get you to load a specially constructed URL; if you were logged in as the admin, it could cause JavaScript to send me your login cookie.
Login session? I don't have cookies..
And I Wiki'd it, but didn't get much from it other than cross-site scripting, and that it was mainly used to crack sites..
-NSF
Posted: Fri Feb 03, 2006 12:36 am
by John Cartwright
As in I could capture your session cookie, and potentially gain access/permission to the admin section as long as an admin logged in while I had this attack set up.. could also steal anyone's account that logged in as well.
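The two replies above describe the same failure: a parameter from the URL is echoed into the page unescaped, so a crafted link can run script in the visitor's browser and read the session cookie. This added example (not code from the thread or from the site under review; the `search.php?q=` parameter and the cookie name `session` are assumptions) shows the unescaped rendering next to the escaped one, and a session cookie issued with the HttpOnly flag so script cannot read it even if another injection point is missed.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit


def param_from_url(url, name):
    """Pull one query parameter out of a URL, percent-decoded (first value only)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(search):
    # Reflects the parameter straight into HTML: markup in `search` becomes markup in the page.
    return "<p>Results for %s</p>" % search


def render_safe(search):
    # Same page, but the parameter is HTML-escaped, so it can only ever be text.
    return "<p>Results for %s</p>" % html.escape(search, quote=True)


def session_cookie_header(session_id):
    # Issue the session cookie with HttpOnly so document.cookie cannot read it,
    # and scope it to the site root.
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["path"] = "/"
    return cookie.output(header="Set-Cookie:")


if __name__ == "__main__":
    # Constructed link of the kind described in the thread (hypothetical host, not the real site).
    crafted = "http://example.invalid/search.php?q=%3Cscript%3Ealert(1)%3C/script%3E"
    q = param_from_url(crafted, "q")
    print(render_vulnerable(q))   # script tag survives into the page
    print(render_safe(q))         # &lt;script&gt; ... rendered as text
    print(session_cookie_header("constructed-session-id"))
```

Escaping at output time is the fix for the page itself; the HttpOnly flag is defence in depth for the cookie theft specifically, and costs nothing in a PHP site of this kind.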
Posted: Fri Feb 03, 2006 12:40 am
by Zoxive
Jcart wrote:
As in I could capture your session cookie, and potentially gain access/permission to the admin section as long as an admin logged in while I had this attack set up.. could also steal anyone's account that logged in as well.
Ok, well beyond that.. it's my first site...... ; (
And I just started PHP when I first joined.
So anything about the site? I was very happy with it.. till now.. : /
-NSF
Posted: Fri Feb 03, 2006 5:00 am
by Roja
NonStopableForce wrote:
So anything about the site? I was very happy with it.. till now.. : /
-NSF
- Invalid CSS
- Help/Sitemap/Adv search hard to read, could be in the main nav bar, not spaced well/consistently
- At least four different fonts on the page (including images), could be fewer
- Have to click About Us to learn anything about NTS. Will destroy your google ratings. At least have some intro text on the main page
- Very nice use of a consistent color scheme (blue/brown/green), although I prefer fewer colors.
- Cross-site scripting vulnerable
Overall, not bad, but not great.
Posted: Fri Feb 03, 2006 7:54 am
by benamaster
I have to say I like the features on http://www.batechcentral.com/ntspm quite a bit better compared to http://www.batechcentral.com/nts_am/2/
The http://www.batechcentral.com/ntspm site has much better features, as you can select a date via a calendar and they list sites in the city and the tours that go to those sites.
Posted: Fri Feb 03, 2006 10:50 am
by Zoxive
If you notice, I didn't realize you couldn't use // to comment out; that's why it doesn't validate... and it's after the 1st so I can't fix it.
Ok, you think that because you made it?
But what does everyone else think?
-NSF
Posted: Fri Feb 03, 2006 11:06 am
by josh
Are we the judges on this competition and we don't even know it?
The "enemy"'s site:
- when I page to a new month on the calendar it scrolls me to the top of the page; perhaps use of anchors to scroll the page back to where I was would be appropriate, or a simple ajax / iframe solution to avoid that issue altogether
- The elements on the bottom of the tour pages are not arranged in a logical way; I have tabs to read reviews, see a calendar, an area to rate the tour, etc.. all cluttered into one area.
- links in upper right are in a non-standard place, and do not stand out.
+ fluid layout, I can resize / change font size
- sql injection on
http://www.batechcentral.com/ntspm/Prod ... ProductID= ????
As for your site, it has sql injection here:
http://www.batechcentral.com/NTS_am/2/tours.php?tour=
(this gives me the ability to run any query I want, with very few limitations on what I can run)
Regarding the sql injection, just to prevent confusion you are adding slashes or escaping the string but this does you no good because you're running the input like so:
Code:
    select `whatever` from `table` where `id`= $id
Since $id has no single quotes around it in your query, I can insert things.
Proof of concept -
http://www.batechcentral.com/NTS_am/2/t ... r%205=5%20;
I'm just selecting but I'm doing it through the SQL injection vulnerability
Posted: Fri Feb 03, 2006 11:17 am
by Zoxive
jshpro2 wrote:
As for your site, it has sql injection here:
http://www.batechcentral.com/NTS_am/2/tours.php?tour=
(this gives me the ability to run any query I want, with very few limitations on what I can run)
Regarding the sql injection, just to prevent confusion you are adding slashes or escaping the string but this does you no good because you're running the input like so:
Code:
    select `whatever` from `table` where `id`= $id
Since $id has no single quotes around it in your query, I can insert things.
Proof of concept -
http://www.batechcentral.com/NTS_am/2/t ... r%205=5%20;
I'm just selecting but I'm doing it through the SQL injection vulnerability
mm I just tried messing with that, and every time it would bring up tour id 28, with 5=5 or anything=anything
There isn't much they could do with that, but yes I know it's bad, and I'll make account of all these mess-ups for future websites..
-NSF
Posted: Fri Feb 03, 2006 1:09 pm
by benamaster
We should all make a vote!
Though with this being a PHP site and my site being in ASP.NET 2.0, I am pretty sure who would win out. I have done PHP before and I do like it, but it's a lot easier, I think, to manage a project in Visual Studio 2005.
For my personal site I use PHP, does anyone have suggestions of a Visual Studio like program that would be better than Dreamweaver 8?
Posted: Fri Feb 03, 2006 2:03 pm
by feyd
My vote: you're all off the island for failing to face your fears with big brother and your fellow geeks watching on.
No ASP vs PHP war.
Check out vs.PHP (I think that's the name) .. or PHP Designer.. Happily, most decent code editors are better than Dreamweaver. If you have any further, off topic things to ask, like editor questions, look around the forums. There is a VERY large editors thread.
Posted: Fri Feb 03, 2006 2:21 pm
by josh
NonStopableForce wrote:
There isn't much they could do with that
Wrong, here's another example:
http://www.batechcentral.com/NTS_am/2/t ... d%20=%2033
I imagine the query I just made looks like
select `field`, `field` from `some_table` where `id` = 0 or id = 33 order by `field`
Now what if I knew the schema of your tables and ran the following query
select `field`, `field` from `some_table` where `id` = 0 or id =33 union all select 'dummy_data', `password` from `users` where `username`='admin' ; -- order by `field`
Obviously that's not a valid query on your system, but if I was motivated enough I could select data from any of your tables with this exploit, and who knows what other exploits I could find if I had the time / will to seek them all out. (i.e., maybe you have an SQL injection vulnerability somewhere else where I could delete from tables)
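The two posts above make one point: escaping quote characters does nothing for a value that is interpolated into the query without quotes, because the payload needs no quotes, and the real fix is to validate the type and bind the value as a parameter. This added example (not code from the thread or from the site; the `tours` table, its columns and its rows are constructed stand-ins for the unknown real schema) reproduces the unquoted-integer mistake against an in-memory SQLite table, shows that a PHP-style addslashes leaves the `0 or id = 33` input untouched, and then shows the bound-parameter version, which treats the whole string as data and never runs it as SQL.

```python
import sqlite3


def make_db():
    """Constructed toy table standing in for the site's tours table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tours (id integer primary key, name text)")
    conn.executemany("insert into tours values (?, ?)",
                     [(28, "Harbour walk"), (33, "Old town by night")])
    return conn


def addslashes(value):
    """PHP-style escaping of backslashes and quotes: the only defence the site applied."""
    for ch in ("\\", "'", '"'):
        value = value.replace(ch, "\\" + ch)
    return value


def tours_vulnerable(conn, tour_param):
    # Escaped, then interpolated unquoted, exactly like `where id = $id` in the thread.
    # A payload with no quote characters passes addslashes unchanged and becomes SQL.
    sql = "select id, name from tours where id = %s" % addslashes(tour_param)
    return conn.execute(sql).fetchall()


def tours_bound_only(conn, tour_param):
    # Parameter binding alone: the driver sends the string as a value, never as SQL,
    # so "0 or id = 33" is compared as text against the integer column and matches nothing.
    return conn.execute("select id, name from tours where id = ?", (tour_param,)).fetchall()


def tours_safe(conn, tour_param):
    # Preferred form: reject anything that is not a positive integer before it reaches
    # the database, then bind the converted integer.
    if not tour_param.isdigit():
        raise ValueError("tour must be a positive integer")
    return conn.execute("select id, name from tours where id = ?",
                        (int(tour_param),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "0 or id = 33"             # the input shape shown in the thread
    print(addslashes(payload))            # unchanged: nothing to escape
    print(tours_vulnerable(db, payload))  # returns tour 33, not the tour the page meant
    print(tours_bound_only(db, payload))  # []: treated as a literal value
    print(tours_safe(db, "28"))           # [(28, 'Harbour walk')]
```

In the PHP of the era the same shape is `intval($_GET['tour'])` before the query, or a prepared statement with the value bound as an integer; either one removes the class of problem rather than chasing individual payloads.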