rickblack28
Chevereto Noob
XSS/Cross Site Scripting, RISK: LOW (These XSS won't work in current new browsers)
1) in all of /
2) via ?urls string
3) Also the underscore'd subject's
SPDY Heap B-Overflow, RISK: VERY HIGH! .. you'r database will get compromised soon.
(Those who can exploit this will have the ability to execute bash/cmd codes)
(CVE-2014-0133), this does not apply for people with the latest version of nginx.
==============
Web Application error's, RISK: LOW ( its just some information disclosure )
1) at Album
2) at Explore
Fatal error [400]: Limit integrity violation
Triggered in /app/lib/classes/class.listing.php at line 175
Stack trace:
#0 /app/routes/route.album.php(72): CHV\Listing->exec()
#1 /lib/G/classes/class.handler.php(206): G\Handler->{closure}(G\Handler)
#2 /lib/G/classes/class.handler.php(110): G\Handler->processRequest()
#3 /app/loader.php(304): G\Handler->__construct(Array)
#4 /index.php(20): include_once('/app/loader.php')
As the error above says... something goes wrong at line 175 http://demo.chevereto.com/app/lib/classes/class.listing.php
==============
And Damn! you have a problem with putting some protection on CSRF?
1) /
2) /account/password-forgot
3) /login
4) /najonila
5) /page/contact
6) /page/privacy
7) /page/tos
8) /signup
... and text is sent in clear text, RISK: MEDIUM
this means that MITM (man in the middle) Attack's can see Login Credentials in clear text.
You should send password and username encrypted in post request
make your script encrypt the strings (Just SSL Wont stop Form Grabbers)
Brute force is also possible, RISK: Very Low
1) in all of /
2) via ?urls string
3) Also the underscore'd subject's
SPDY Heap B-Overflow, RISK: VERY HIGH! .. you'r database will get compromised soon.
(Those who can exploit this will have the ability to execute bash/cmd codes)
(CVE-2014-0133), this does not apply for people with the latest version of nginx.
==============
Web Application error's, RISK: LOW ( its just some information disclosure )
1) at Album
2) at Explore
Fatal error [400]: Limit integrity violation
Triggered in /app/lib/classes/class.listing.php at line 175
Stack trace:
#0 /app/routes/route.album.php(72): CHV\Listing->exec()
#1 /lib/G/classes/class.handler.php(206): G\Handler->{closure}(G\Handler)
#2 /lib/G/classes/class.handler.php(110): G\Handler->processRequest()
#3 /app/loader.php(304): G\Handler->__construct(Array)
#4 /index.php(20): include_once('/app/loader.php')
As the error above says... something goes wrong at line 175 http://demo.chevereto.com/app/lib/classes/class.listing.php
==============
And Damn! you have a problem with putting some protection on CSRF?
1) /
2) /account/password-forgot
3) /login
4) /najonila
5) /page/contact
6) /page/privacy
7) /page/tos
8) /signup
... and text is sent in clear text, RISK: MEDIUM
this means that MITM (man in the middle) Attack's can see Login Credentials in clear text.
You should send password and username encrypted in post request
make your script encrypt the strings (Just SSL Wont stop Form Grabbers)
Brute force is also possible, RISK: Very Low