bitchgotraped
04-01-2011, 04:57 PM
Hey,
Well I currently work as an "IT Security" for this "Web Hosting Company".
So I was like let me test RGC and how well it's secured.
Sadly it isn't that's why I'm reporting the following alerts:
P.S Do not dare to PM me asking me "How Can I Work Out This Exploit"
1)PHP multipart/form-data denial of service
Any botnet can take out RGC servers completely.
How to fix this vulnerability
Workarounds:
1. Disable file uploads
If you don't need file uploading, you can disable this feature from php.ini
file_uploads = Off
2. Install PHP 5.3.1
If you cannot disable file uploading on your website, it's recommended to install the latest version of PHP. PHP 5.3.1 includes a patch for this problem:
- Added max_file_uploads INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
3. Install Suhosin PHP extension
The Suhosin PHP extension has an option named suhosin.upload.max_uploads. This option defines the maximum number of files that may be uploaded with one request and by default is set to 25. Suhosin PHP extension should not be confused with the Suhosin Patch which does not protect against this attack.
2) Apache 2.x version older than 2.2.10
cross-site scripting (XSS) attacks are easy on RGC
How to fix this vulnerability
Upgrade Apache 2.x to the latest version.
3)Possible sensitive directories
/stats/admin
How to fix this vulnerability
Restrict access to this directory or remove it from the website.
4)TRACE method is enabled
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.
How to fix this vulnerability
Disable TRACE Method on the web server.
5)Error page Web Server version disclosure
Information disclosure pattern found: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch Server at stats.rankedgaming.com Port 80
How to fix this vulnerability
If you are using Apache, you can setup a custom 404 page.
6) EXTREME DANGER "MySQL Enterprise Server v.5.0.52 Multiple"
Well a hacker can easy change stats, wins, ranks , score ...etc and even delete all the database. (ENOUGH SAID)
How to fix this vulnerability
Upgrade the MySQL Enterprise Server tot the latest version.
7) Port Scanning
Open Port 22 / ssh
Open Port 80 / http
Open Port 3306 / mysql
NOTE DOWN: This report isn't to abuse RGC but to fix it.
ANY pm to me from any user asking about the exploits will be considered as a threat, and I will report the user to Rogers for a perma IP BAN.
Thank You
Well I currently work as an "IT Security" for this "Web Hosting Company".
So I was like let me test RGC and how well it's secured.
Sadly it isn't that's why I'm reporting the following alerts:
P.S Do not dare to PM me asking me "How Can I Work Out This Exploit"
1)PHP multipart/form-data denial of service
Any botnet can take out RGC servers completely.
How to fix this vulnerability
Workarounds:
1. Disable file uploads
If you don't need file uploading, you can disable this feature from php.ini
file_uploads = Off
2. Install PHP 5.3.1
If you cannot disable file uploading on your website, it's recommended to install the latest version of PHP. PHP 5.3.1 includes a patch for this problem:
- Added max_file_uploads INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion.
3. Install Suhosin PHP extension
The Suhosin PHP extension has an option named suhosin.upload.max_uploads. This option defines the maximum number of files that may be uploaded with one request and by default is set to 25. Suhosin PHP extension should not be confused with the Suhosin Patch which does not protect against this attack.
2) Apache 2.x version older than 2.2.10
cross-site scripting (XSS) attacks are easy on RGC
How to fix this vulnerability
Upgrade Apache 2.x to the latest version.
3)Possible sensitive directories
/stats/admin
How to fix this vulnerability
Restrict access to this directory or remove it from the website.
4)TRACE method is enabled
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.
How to fix this vulnerability
Disable TRACE Method on the web server.
5)Error page Web Server version disclosure
Information disclosure pattern found: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny9 with Suhosin-Patch Server at stats.rankedgaming.com Port 80
How to fix this vulnerability
If you are using Apache, you can setup a custom 404 page.
6) EXTREME DANGER "MySQL Enterprise Server v.5.0.52 Multiple"
Well a hacker can easy change stats, wins, ranks , score ...etc and even delete all the database. (ENOUGH SAID)
How to fix this vulnerability
Upgrade the MySQL Enterprise Server tot the latest version.
7) Port Scanning
Open Port 22 / ssh
Open Port 80 / http
Open Port 3306 / mysql
NOTE DOWN: This report isn't to abuse RGC but to fix it.
ANY pm to me from any user asking about the exploits will be considered as a threat, and I will report the user to Rogers for a perma IP BAN.
Thank You