Black Friday"
0
Go To Cart
Your Cart is currently empty!
Product update
Coupon
add
Coupon code invalid! Please re-enter!
AJAX loader
Go To Cart Total : 0 checkout
You are here: HomeForum
Welcome, Guest
Forgot your password? Forgot your username? Create an account
SmartAddons
Public Forums
Free Joomla Templates
SJ News

This Is Security Issue? Please Help Me To Fix This
(1 viewing) (1) Guest
Userguide, Report bugs, New Ideas...
Reply Topic
New Topic
  • Page:
  • 1

TOPIC: This Is Security Issue? Please Help Me To Fix This

This Is Security Issue? Please Help Me To Fix This 12 years ago #5583

Dear Admin

I have installed SJ News Quickstart on my local webserver, and then i do a penetration testing with nikto. The result is like this

+ OSVDB-2820: /index.php?dir=<script>alert('Vulnerable')</script>: Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks.
+ OSVDB-50552: /index.php?file=Liens&op=\"><script>alert('Vulnerable');</script>: Nuked-klan 1.3b is vulnerable to Cross Site Scripting (XSS). www.cert.org/advisories/CA-2000-02.html.
+ /index.php?action=storenew&username=<script>alert('Vulnerable')</script>: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. CA-200-02.
+ OSVDB-38019: /?mod=<script>alert(document.cookie)</script>&op=browse: Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). www.cert.org/advisories/CA-2000-02.html.
+ OSVDB-25497: /index.php?rep=<script>alert(document.cookie)</script>: GPhotos index.php rep Variable XSS.
+ OSVDB-8193: /index.php?module=ew_filemanager&type=admin&func=manager&pathext=../../../etc: EW FileManager for PostNuke allows arbitrary file retrieval.
+ OSVDB-12606: /index.php?err=3&email=\"><script>alert(document.cookie)</script>: MySQL Eventum is vulnerable to XSS in the email field.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
+ OSVDB-119: /?PageServices: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. CVE-1999-0269.
+ OSVDB-119: /?wp-cs-dump: The remote server may allow directory listings through Web Publisher by forcing the server to show all files via 'open directory browsing'. Web Publisher should be disabled. CVE-1999-0269.
+ OSVDB-2790: /index.php?vo=\"><script>alert(document.cookie);</script>: Ralusp Sympoll 1.5 is vulnerable to Cross Site Scripting (XSS). www.cert.org/advisories/CA-2000-02.html.

Can you fix the XSS Vulnerable? Thanks
Reply Quote

Re: This Is Security Issue? Please Help Me To Fix This 12 years ago #5584

  • loitt
  • OFFLINE
  • Platinum Boarder
  • Posts: 2222
  • Karma: 48
Dear Alfian Firnando,

Could you please tell me about the version of php which you use now?

Thanks
Ticket System | Join our Clubs to download our extensions and templates
Reply Quote
The following user(s) said Thank You: aldich229

Re: This Is Security Issue? Please Help Me To Fix This 12 years ago #5601

Dear Admin

PHP Version 5.4.7

Thanks
Reply Quote
Reply Topic
New Topic
  • Page:
  • 1
SmartAddons
Public Forums
Free Joomla Templates
SJ News
Powered by Kunena
Time to create page: 0.22 seconds
Xtore Opencat Theme

Notification

Please find your issue via Suggested Posts before submitting your question. We have solved the most of issues and maybe your issue was solved before.
TigerHostings - WordPress Hosting Service
eMarket - Multipurpose MarketPlace OpenCart 4 Theme

Latest My Topics

No posts to display.

More Topics »

Love all our templates?

Join our membership clubs starting at $49 only for access to all of our templates

Join Now
Home Pricing
0
Go To Cart
Your Cart is currently empty!
Product update
Coupon
add
Coupon code invalid! Please re-enter!
AJAX loader
Go To Cart Total : 0 checkout
SearchSupport
Magento Themes Magento Extensions Free Magento Extensions Prestashop Themes Prestashop Modules Magento 2 Themes