HBH Penetration Testing Challenge
HBH Penetration Testing Challenge
<img src='http://i6.photobucket.com/albums/y222/hack4u/header.jpg' width='80%'> HBH Members have been asked to penetration test a new cms for a corporate web designer. Anyone is welcome to try and could be a bit of fun trying your skills on a real life website.
He thinks its pretty secure already but wants a few of your top dogs to take a look at it. If you find anything that could used dangerously, then email: nucleocide@yahoo.com
ghost 17 years ago
I submitted an article on the subject at HTS and I have no idea how the system works over there so I probably didn't submit it to HTS at all lol.
Jake definately takes the lead, finding a big security hole in my site, obtaining a sha1 of my password among other usefull info.
ghost 17 years ago
Thanks for everyones help! Several errors were found, nothing too serious (at least not that would have made it to the production site). Jake found the biggest problems while K_ros found the most small problems.
ghost 17 years ago
yeah, i checked it out, pretty much same stuff i found, the layout problem system mentioned and array being shown on registration. Other than that notta
ghost 17 years ago
it does have XSS in the registration form.. first go here.. http://www.whiteacid.org/misc/xss_post_forwarder.php?xss_target=http://www.deeva.info/hellbound/?s=register%26x&username=XSS%20here%22%3E%3Cscript%3Ealert%28String.fromCharCode(88,83,83)%29%3C%2Fscript%3E%3Cx&firstname=&lastname=&displayname=&password=&password2=&email=&address=&city=&state=AL&zip=&phone=&gender=0&Submit=Submit and press Submit
then go here http://www.deeva.info/hellbound/?s=register
-maluc