BatchMan your Site is VERY VERY VULNERABLE

Discussion in 'Ethical hacking Tips' started by XXxxImmortalxxXX, Jul 5, 2008.

  1. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
    The following website designed by batchman is very vulnerable and yet i think its funny because he was telling us about how ezy it is on websites and batches and stuff like that anyways the following are venerabilities found on your site

    Apache mod_rewrite



    Apache mod_rewrite is prone to an off-by-one buffer-overflow condition. The vulnerability arising in the mod_rewrite module's ldap scheme handling allows for potential memory corruption when an attacker exploits certain rewrite rules.

    Affected Apache versions:
    Apache 1.3.28 - 1.3.36 with mod_rewrite
    Apache 2.2.0 - 2.2.2 with mod_rewrite
    Apache 2.0.46 - 2.0.58 with mod_rewrite

    This vulnerability affects Web Server.

    What can the attacker do?
    = An attacker may exploit this issue to trigger a denial-of-service condition. Reportedly, arbitrary code execution may also be possible

    how to fix it?
    = Upgrade Apache to the latest version.

    PHP multiple vulnerabilities



    Multiple vulnerabilities have been reported in PHP, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system.

    Affected PHP versions (up to 4.3.9/5.0.2).

    This vulnerability affects PHP.
    The impact of this vulnerability
    Possible local and remote execution of arbitrary code.
    Attack details
    Current version is PHP/4.3.9

    How to fix this vulnerability?
    = Upgrade PHP to the latest version.

    PHP Zend_Hash_Del_Key_Or_Index vulnerability



    Stefan Esser had discovered a weakness within the depths of the implementation of hashtables in the Zend Engine. This vulnerability affects a large number of PHP applications. It creates large new holes in many popular PHP applications. Additonally many old holes that were disclosed in the past were only fixed by using the unset() statement. Many of these holes are still open if the already existing exploits are changed by adding the correct numerical keys to survive the unset(). For a detailed explanation of the vulnerability read the referenced article.

    Affected PHP versions (up to 4.4.2/5.1.3).

    This vulnerability affects PHP.
    The impact of this vulnerability
    Possible code execution, SQL injection, ...

    Attack details
    Current version is PHP/4.3.9

    How to fix this vulnerability?
    = Upgrade PHP to the latest version.

    PHP HTML Entity Encoder Heap Overflow



    Stefan Esser reported some vulnerabilities in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.The vulnerabilities are caused due to boundary errors within the "htmlentities()" and "htmlspecialchars()" functions. If a PHP application uses these functions to process user-supplied input, this can be exploited to cause a heap-based buffer overflow by passing specially crafted data to the affected application. Successful exploitation may allow execution of arbitrary code, but requires that the UTF-8 character set is selected. For a detailed explanation of the vulnerability read the referenced article.
    Vendor has released PHP 5.2.0 which fixes this issue.

    Affected PHP versions (up to 4.4.4/5.1.6).

    This vulnerability affects PHP.
    The impact of this vulnerability?
    Denial of service, remote code execution.

    Attack details
    Current version is PHP/4.3.9

    How to fix this vulnerability?
    = Upgrade PHP to the latest version.

    Apache 2.x version older than 2.0.55



    Multiple vulnerabilities have been found in this version of Apache. You should upgrade to the latest version of Apache.

    Affected Apache versions (up to 2.0.55).

    This vulnerability affects Web Server.
    The impact of this vulnerability
    Multiple. Check references for details about every vulnerability.

    Attack details
    Current version is Apache/2.0.52

    How to fix this vulnerability?
    = Upgrade Apache 2.x to the latest version

    TRACE Method Enabled



    HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
    This vulnerability affects Web Server.
    The impact of this vulnerability
    Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.

    How to fix this vulnerability?
    = Disable TRACE Method on the web server.

    TRACK Method Enabled



    HTTP TRACK method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACK method. Additionally, IIS 5 does not log requests made with TRACK method.
    This vulnerability affects Web Server.
    The impact of this vulnerability?
    Attackers may abuse HTTP TRACK functionality to gain access to information in HTTP headers such as cookies and authentication data.

    How to fix this vulnerability?
    = Disable TRACK Method on the web server.

    CVS files found



    CVS (Concurrent Versions System) files have been found on this directory. The CVS directory is a special directory. CVS/Entries lists files and subdirectories registered into the server. CVS/Repository contains the path to the corresponding directory in the repository. CVS/Root contains the path to the repository.
    This vulnerability affects /CVS/Repository.
    The impact of this vulnerability
    These files may expose sensitive information that may help an malicious user to prepare more advanced attacks.

    Remove the files from production systems.

    WoW that is a lot of errors maybe you should fix those eh?
     
  2. GMail

    GMail New Member

    Joined:
    Jul 6, 2008
    Messages:
    16
    Likes Received:
    2
    Trophy Points:
    0
    Re: BatchMan your Site is VERY VERY VUNERABLE

    Title has a spelling mistake
     
    shabbir likes this.
  3. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Corrected and thanks for pointing that out. Reputation given
     
  4. XXxxImmortalxxXX

    XXxxImmortalxxXX New Member

    Joined:
    Jun 27, 2007
    Messages:
    561
    Likes Received:
    19
    Trophy Points:
    0
    what was the error and thanks for pointing that out :)
     
  5. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,375
    Likes Received:
    388
    Trophy Points:
    83
    Check out his Posts title and it is spelled as VUNERABLE instead of VULNERABLE
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice