Hi Laurent,

Thanks for the feedback. I will be making another release shortly and I will fix those issues.

Regards,
Dermot Blair

On Thu, May 17, 2012 at 3:41 PM, laurent gaffie <[email protected]> wrote:

> There's more ...
>
> File : display_register_form.php :
>
> $username = $_POST['regusername'];
> $password = $_POST['regpassword'];
> $email = $_POST['email'];
>
> if(connectToDb($db))
> {
> $query = "SELECT * FROM users WHERE username = '$username'";
> $result = $db->query($query);
> if($result)
> .... more injection below this query, no vars are filtered.
>
>
> 2012/5/17 laurent gaffie <[email protected]>
>
>> Hi Dermot,
>>
>> You have an injection SQL in the begin_crawl file;
>>
>> isset($_POST['specifiedUrl']) ? $urlToScan = $_POST['specifiedUrl'] :
>> $urlToScan = '';
>> isset($_POST['testId']) ? $testId = $_POST['testId'] : $testId = 0;
>>
>> if(empty($urlToScan))
>> {
>> echo 'urlToScan is empty';
>> $log->lfile('urlToScan is empty');
>> return;
>> }
>>
>> $log->lwrite("URL to scan: $urlToScan");
>>
>> $query = "UPDATE tests SET status = 'Preparing Crawl for $urlToScan'
>> WHERE id = $testId;";
>> $db->query($query);
>>
>> Regards,
>> Laurent
>>
>> 2012/5/16 Dermot Blair <[email protected]>
>>
>>> Hi All,
>>>
>>> There is a new web application vulnerability scanner available. It is
>>> called WebVulScan and it is open source. Here is the link for it if you
>>> want to check it out: http://code.google.com/p/webvulscan/
>>>
>>> Regards,
>>>
>>> Dermot Blair
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
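Both snippets reported in this thread (begin_crawl and display_register_form.php) place $_POST values directly into the SQL string. The following is an added example, not part of the thread and not WebVulScan code, showing the same two queries with bound parameters and an integer check on testId. Assumptions: PDO with an in-memory SQLite database stands in for the project's $db handle and schema, and the function names findUser and markPreparing are hypothetical.

```php
<?php
// Added example, not WebVulScan code. Assumption: PDO with an in-memory
// SQLite database stands in for the project's $db handle and schema.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("CREATE TABLE tests (id INTEGER PRIMARY KEY, status TEXT)");
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");
$db->exec("INSERT INTO tests (id, status) VALUES (1, 'New'), (2, 'New')");

// display_register_form.php pattern: the username is bound, never interpolated.
function findUser(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// begin_crawl pattern: testId must be a positive integer, and the URL is
// bound as data inside the status text.
function markPreparing(PDO $db, $testId, string $urlToScan): int
{
    $id = filter_var($testId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('testId must be a positive integer');
    }
    $stmt = $db->prepare('UPDATE tests SET status = :s WHERE id = :id');
    $stmt->bindValue(':s', "Preparing Crawl for $urlToScan", PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs containing SQL metacharacters.
$rows = findUser($db, "alice' OR 'a'='a");
echo count($rows), " user rows matched the quoted input\n";

echo markPreparing($db, '1', "http://example.test/'; --"), " test row updated\n";
try {
    markPreparing($db, '1 OR 1=1', 'http://example.test/');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
// Row 2 was never targeted, so its status is unchanged.
echo 'test 2 status: ', $db->query('SELECT status FROM tests WHERE id = 2')->fetchColumn(), "\n";
```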
