Board Investor-based games
Re: [4.83+ BTC PAID]{CoinBooster.io} Earn UP TO 67m Sats Per Day / NEW UPGRADES
by SandclocksTBN on 15/10/2015, 14:29:18 UTC
I have completed the vulnerability scan. I have found problems as follows:
There are about 10 more issues, which I will not show here, for the sake of the website's security.

Application errors & Possible SQL Injections:

Code:
GET DATA: ?feed[0]=rss2&p=1
http://coinbooster.io/community/?feed[0]=rss2&p=1

POST DATA: submit=Post%20Comment&author[]=1&comment=1&comment_parent=0&comment_post_ID=1&email=sample%40email.tst&url=1
http://coinbooster.io/community/wp-comments-post.php

POST DATA: wp-submit=Log%20In&log[]=1&pwd=1&redirect_to=http://coinbooster.io/community/wp-admin/&rememberme=forever&testcookie=1
http://coinbooster.io/community/wp-login.php

Vulnerable JavaScript Libraries:

Code:
/community/wp-includes/js/jquery/jquery-migrate.min.js
/phpmyadmin/js/jquery/jquery-1.8.3.min.js
/phpmyadmin/js/jquery/jquery-ui-1.9.2.custom.min.js
/roundcube/plugins/jqueryui/js/jquery-ui-1.9.1.custom.min.js
/roundcube/plugins/jqueryui/themes/larry/jquery-ui-1.9.1.custom.css
/roundcube/program/js/jquery.min.js
/webmail/plugins/jqueryui/js/jquery-ui-1.9.1.custom.min.js
/webmail/plugins/jqueryui/themes/larry/jquery-ui-1.9.1.custom.css
/webmail/program/js/jquery.min.js

Web references:
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/

Error messages on pages, which can disclose sensitive information:

Code:
http://coinbooster.io/community/wp-admin/includes/admin.php
http://coinbooster.io/community/wp-content/themes/topcat-lite/

Very Minor PHP Configuration Issue:

Code:
php.ini
display_errors = 'on'
http://coinbooster.io/phpmyadmin/test.php

Conclusion:
A serious hacker can rip this website.

Well, someone has work to do ;)