Under review
Please check my "security report"
Владислав Образцов, 12 years ago
Last modified by info (project lead) 12 years ago
Cross Site Scripting (verified)
Vulnerability description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
This vulnerability affects /gallery/album/2/image/78.
Discovered by: Scripting (XSS_in_URI.script).
Attack details
URI was set to "onmouseover='prompt(930696)'bad=">
The input is reflected inside a tag parameter between double quotes.
_______________________________
Vulnerability description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
This vulnerability affects /search.
Discovered by: Scripting (XSS.script).
Attack details
URL encoded POST input text was set to %d0%9f%d0%be%d0%b8%d1%81%d0%ba'"()&%prompt(920492)
__________________________________
Vulnerability description
Manual confirmation is required for this alert.
This page is using a weak password. Acunetix WVS was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes.
This vulnerability affects /auth/login.
Discovered by: Scripting (Html_Authentication_Audit.script).
Attack details
Username: Administrator@fortplay.net, Password: changeme
______________________________________
I can also provide screenshots from the program... no idea how severe the vulnerabilities are (I'm not a hacker, but if the program found something, I think a malicious mind will make use of it)
Answer
Under review
Send them over and we will take a further look. But in general there are no critical vulnerabilities in the system and there never have been; at least, not once in its entire history have we received any reports of break-ins.
Give me an email address where I can send you the reports.
The program may well have made up some holes... but it did find something.
We all want to make ImageCms better and more secure ;)