WEB Critique my new site please!

Discussion in 'OT Technology' started by MikeTheVike1, Dec 20, 2009.

  1. MikeTheVike1

    MikeTheVike1 OT Supporter

    Joined:
    Aug 29, 2002
    Messages:
    5,840
    Likes Received:
    0
    I haven't had a website since I took my college design portfolio offline years ago. I'm completely new to blogging besides subscribing to a ton of other design blogs. I've been wanting to create a design blog for a while now. Finally sat down and did it. I really moved out of my comfort zone with the look of it. Tried to use a color scheme that I can't use on some of my clients' boring corporate sites.

    I used Expression Engine CMS and updated to the newest version 2.0 yesterday. I really like it. Still getting used to the admin, it's not as user friendly as I think it should be. Anyway, critique away!

    http://www.thatdeadpixel.com
     
  2. Phasm

    Phasm OT Supporter

    Joined:
    Sep 20, 2005
    Messages:
    9,680
    Likes Received:
    0
    Location:
    Michigan
    I like it.
     
  3. FLY-FAST

    FLY-FAST OT Supporter

    Joined:
    Sep 30, 2003
    Messages:
    8,713
    Likes Received:
    3
    Location:
    boston, MA
    You are running legacy PHP.

    Disable the TRACK method.

    I didn't test for it, but it's likely this site is vulnerable to a directory traversal vulnerability.
     
  4. MikeTheVike1

    MikeTheVike1 OT Supporter

    Joined:
    Aug 29, 2002
    Messages:
    5,840
    Likes Received:
    0
    Would you mind giving me some more details about what all that means? I could pass it to the CMS creators and my host...
     
  5. FLY-FAST

    FLY-FAST OT Supporter

    Joined:
    Sep 30, 2003
    Messages:
    8,713
    Likes Received:
    3
    Location:
    boston, MA
    The POST variable RET = ownage

    I found a few vulnerabilities in the CMS...

    1) /article/articles_posting_in_the_near_future

    A remote malicious user can redirect users from your website to a specified URL. This problem may assist an attacker in conducting phishing attacks, trojan distribution, spamming...

    Here is the vector:
    The POST variable RET can be set to http://www.whateverIwantbadsite.com

    ACT=1&RET=http://whateverIwantbadsite.com&URI=article%2Farticles_posting_in_the_near_future&[email protected]&XID=8969a5a65b7cc24bd42122d95e9a09be23c57f2e&entry_id=8&site_id=1&name=FOO&email=sample%40email%2Etst&url=http%3A%2F%2F&[email protected]&submit=Submit

    Here is another problem... I did NOT confirm this, but I suspect with a little messing around I could find a directory traversal vulnerability:

    http://www.thatdeadpixel.com:80/%c0...ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd

    Note, that link INTENTIONALLY isn't going to return anything... I don't want an OT'er grabbing your etc/passwd file... :nono:

    The implication of this vulnerability is that a remote attacker can download arbitrary files via directory traversal attacks.

    This really isn't a vulnerability per se, but if it were me I would obfuscate:
    /cgi-bin
    /development
    /images/uploads
    It basically just allows someone to garner a better understanding of how your site is architected.
     
  6. MikeTheVike1

    MikeTheVike1 OT Supporter

    Joined:
    Aug 29, 2002
    Messages:
    5,840
    Likes Received:
    0
    Thanks, I passed this info to the creators of the cms. Are these problems something that is common on other CMS's? Such as Wordpress and Drupal?
     
  7. FLY-FAST

    FLY-FAST OT Supporter

    Joined:
    Sep 30, 2003
    Messages:
    8,713
    Likes Received:
    3
    Location:
    boston, MA
    Disabling trace is really just a best practice...

    URL redirection isn't a huge problem - again, more of a best practice...

    The directory traversal can lead to compromise of your username / password hash
     
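Worked example (added here; it is not code from the thread, from the site owner, or from ExpressionEngine, and it is written in Python rather than the CMS's PHP): a small request screen that applies the three points FLY-FAST raised above. It rejects TRACE and TRACK, allows only a same-site relative path as the RET redirect target, and canonicalizes the request path, folding the overlong %c0%ae encoding used in the posted traversal URL, before checking that it stays under the web root. WEB_ROOT, the sample requests (constructed, modelled on the posted vector, not captured traffic) and the assumption of a lenient UTF-8 decoder on the target are mine, not the site's.

```python
# Added example, not code from the thread or from ExpressionEngine: a request
# screen applying the thread's three points. WEB_ROOT and the sample requests
# below are assumptions/constructed data.
from typing import List, Optional
from urllib.parse import parse_qs, unquote_to_bytes, urlsplit
import posixpath

WEB_ROOT = "/var/www/site"            # assumed document root (hypothetical)
BLOCKED_METHODS = {"TRACE", "TRACK"}  # TRACK is the IIS-specific alias of TRACE


def is_safe_redirect_target(ret: str) -> bool:
    """Accept only a same-site relative path as a post-action redirect.

    Rejects absolute URLs (scheme or host present), protocol-relative
    '//host' and the backslash variant '/\\host' that browsers fold to '//'.
    """
    if not ret:
        return False
    parts = urlsplit(ret)
    if parts.scheme or parts.netloc:
        return False
    return ret.startswith("/") and not ret.startswith(("//", "/\\"))


def fold_overlong_utf8(raw: bytes) -> str:
    """Map 2-byte overlong UTF-8 (lead byte C0/C1) to the ASCII it encodes.

    C0 AE is an overlong '.'; a strict decoder rejects it, but the traversal
    vector in the thread relies on a lenient decoder that accepts it. Folding
    it first lets the path check see what such a decoder would see.
    """
    out = bytearray()
    i = 0
    while i < len(raw):
        lead = raw[i]
        if lead in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            out.append(((lead & 0x1F) << 6) | (raw[i + 1] & 0x3F))
            i += 2
        else:
            out.append(lead)
            i += 1
    return out.decode("utf-8", errors="replace")


def resolve_request_path(url_path: str) -> Optional[str]:
    """Canonicalize a request path; return its filesystem location, or None
    if it escapes WEB_ROOT.

    Percent-decodes twice (to catch %252e-style double encoding), folds
    overlong UTF-8, treats backslash as a separator and collapses '..'.
    The double decode is stricter than most servers: it only ever rejects
    more, never less.
    """
    raw = unquote_to_bytes(unquote_to_bytes(url_path))
    text = fold_overlong_utf8(raw).replace("\\", "/")
    full = posixpath.normpath(posixpath.join(WEB_ROOT, text.lstrip("/")))
    if full != WEB_ROOT and not full.startswith(WEB_ROOT + "/"):
        return None
    return full


def screen_request(raw_request: str) -> List[str]:
    """Return the reasons to reject a raw HTTP/1.x request (empty list = pass)."""
    head, _, body = raw_request.partition("\r\n\r\n")
    method, target, _version = head.split("\r\n", 1)[0].split(" ", 2)
    reasons = []
    if method.upper() in BLOCKED_METHODS:
        reasons.append("method %s disabled" % method)
    if resolve_request_path(urlsplit(target).path) is None:
        reasons.append("path escapes web root")
    for ret in parse_qs(body, keep_blank_values=True).get("RET", []):
        if not is_safe_redirect_target(ret):
            reasons.append("RET target %r is off-site" % ret)
    return reasons


def comment_post(ret: str) -> str:
    """Constructed comment-form submission modelled on the posted vector."""
    return (
        "POST /article/articles_posting_in_the_near_future HTTP/1.1\r\n"
        "Host: www.example.com\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        "ACT=1&RET=" + ret + "&URI=article%2Farticles_posting_in_the_near_future"
        "&entry_id=8&site_id=1&name=FOO&email=sample%40email%2Etst&submit=Submit"
    )


# Constructed sample requests (not captured traffic).
TRAVERSAL_GET = (
    "GET /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd HTTP/1.1\r\n"
    "Host: www.example.com\r\n\r\n"
)
TRACE_REQUEST = "TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    samples = [
        ("benign comment", comment_post("/article/articles_posting_in_the_near_future")),
        ("open redirect", comment_post("http://whateverIwantbadsite.com")),
        ("overlong traversal", TRAVERSAL_GET),
        ("trace", TRACE_REQUEST),
    ]
    for name, req in samples:
        print(name, "->", screen_request(req) or ["ok"])
```

A screen like this is a second line of defence only. The real fixes sit where the thread points: the CMS should validate RET server-side (a relative path on the same site, nothing else), the web server should refuse TRACE itself (on Apache that is `TraceEnable off`, which covers the best-practice point in the post above), and path canonicalization has to be done correctly by the server and CMS rather than bolted on in front of them.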
  8. FLY-FAST

    FLY-FAST OT Supporter

    Joined:
    Sep 30, 2003
    Messages:
    8,713
    Likes Received:
    3
    Location:
    boston, MA
    Hey, do you have a contact name / email / phone for the company? If so, and you can put me in touch with them, I'll give them a list of the issues, affected parameters, and the correct dir traversal path to etc/passwd
     
  9. Ricky

    Ricky █▄ █▄█ █▄ ▀█▄

    Joined:
    Jun 17, 2005
    Messages:
    38,767
    Likes Received:
    6
    thnx. hacking your website. brb
     
  10. MikeTheVike1

    MikeTheVike1 OT Supporter

    Joined:
    Aug 29, 2002
    Messages:
    5,840
    Likes Received:
    0
    Any thoughts on the design, layout, etc.?
     