Penetration testing
#2
Hi, a little update: I spoofed the form and managed to get entries into the DB without validation.

I haven't managed to do any SQL injection, since I'm not a coder, but I did manage to fill the username field with everything (/ \ * ?) except for double quotes, which were entered as ". I can't say this has caused much harm, but I can't help wondering if a more skilled and malicious person could do something.

The method was to remove all the ID='username', ID='fname' and then generate a real CSRF and copy it to the spoofed form.

Some suggestions might be to:

1. Set the field length in the MySQL database to match the allowable character limit set by UserSpice. Currently, most DB fields allow 255 chars. This could be reduced for the username and password fields at least.

2. Change the submit function so the validation doesn't depend on any client-side stuff (i.e. JavaScript).

Hope that helps you out in some way.

T.
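A server-side check along the lines of suggestion 2, added here as an illustration; it is not UserSpice's own code. The field names, the length limits, the allowed character sets and the table layout are assumptions, and the CSRF token check is assumed to happen elsewhere. The point is that the request is validated on the server whatever the browser did or did not enforce.

```php
<?php
// Added example (not UserSpice code): validate registration input on the
// server so a spoofed form cannot bypass browser-side JavaScript checks.
// Limits, column names and character rules below are assumptions.

const USERNAME_MAX = 30;   // keep in step with the VARCHAR length of users.username
const FNAME_MAX    = 50;   // keep in step with the VARCHAR length of users.fname

/**
 * Returns a list of validation errors; an empty list means the input is acceptable.
 * Username: letters, digits and underscore only. First name: letters, spaces,
 * hyphen and apostrophe (Unicode letters allowed via the /u modifier).
 */
function validateRegistration(array $post): array
{
    $errors   = [];
    $username = trim((string)($post['username'] ?? ''));
    $fname    = trim((string)($post['fname'] ?? ''));

    if ($username === '' || mb_strlen($username) > USERNAME_MAX) {
        $errors[] = 'Username must be 1-' . USERNAME_MAX . ' characters.';
    } elseif (!preg_match('/^[A-Za-z0-9_]+$/', $username)) {
        $errors[] = 'Username may contain only letters, digits and underscore.';
    }

    if ($fname === '' || mb_strlen($fname) > FNAME_MAX) {
        $errors[] = 'First name must be 1-' . FNAME_MAX . ' characters.';
    } elseif (!preg_match('/^\p{L}[\p{L} \'\-]*$/u', $fname)) {
        $errors[] = 'First name contains characters that are not allowed.';
    }
    return $errors;
}

/** Insert only after server-side validation, and only through a prepared statement. */
function registerUser(PDO $db, array $post): bool
{
    if (validateRegistration($post) !== []) {
        return false;   // reject regardless of what the client-side script claimed
    }
    $stmt = $db->prepare('INSERT INTO users (username, fname) VALUES (:u, :f)');
    return $stmt->execute([
        ':u' => trim($post['username']),
        ':f' => trim($post['fname']),
    ]);
}

// Constructed sample: the kind of input the spoofed form let through.
var_dump(validateRegistration(['username' => 'a/b\\c*?', 'fname' => 'Tom']));
```

Because the length check here is the same number as the column width, suggestion 1 (shrinking the column) becomes a second line of defence rather than the only one.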
Messages In This Thread
Penetration testing - by tomdickson - 03-18-2016, 09:30 AM
Penetration testing - by tomdickson - 03-18-2016, 11:56 AM
Penetration testing - by mudmin - 03-18-2016, 01:21 PM
Penetration testing - by mudmin - 03-18-2016, 01:26 PM
Penetration testing - by tomdickson - 03-19-2016, 02:14 AM
Penetration testing - by mudmin - 03-19-2016, 04:45 PM
Penetration testing - by mudmin - 03-23-2016, 01:14 PM
Penetration testing - by brian - 03-23-2016, 03:36 PM
Penetration testing - by tomdickson - 03-23-2016, 07:23 PM
Penetration testing - by mudmin - 03-25-2016, 01:27 PM
