
Topic: Lending Website (Read 1534 times)

full member
Activity: 148
Merit: 100
June 30, 2013, 08:40:13 AM
#34
Seems like some serious bugs, or glitches. Can't log-in. I guess it's because I registered from another computer/IP.

Yeah, if you give me your IP I can add it to my white list if you like.

Oh, that's why I couldn't log in.

You do know some people have dynamic IP's that change up to once an hour, right?

Yes I know.  It is for security.  I should probably put some kind of message to the user when this happens so people are not scratching their heads...
full member
Activity: 196
Merit: 100
June 30, 2013, 04:29:17 AM
#33
Seems like some serious bugs, or glitches. Can't log-in. I guess it's because I registered from another computer/IP.

Yeah, if you give me your IP I can add it to my white list if you like.

Oh, that's why I couldn't log in.

You do know some people have dynamic IP's that change up to once an hour, right?
full member
Activity: 148
Merit: 100
June 29, 2013, 07:19:23 PM
#32
Seems like some serious bugs, or glitches. Can't log-in. I guess it's because I registered from another computer/IP.

Yeah, if you give me your IP I can add it to my white list if you like.
Activity: -
Merit: -
June 29, 2013, 06:59:26 PM
#31
Seems like some serious bugs, or glitches. Can't log-in. I guess it's because I registered from another computer/IP.
full member
Activity: 148
Merit: 100
June 29, 2013, 05:11:35 PM
#30
I am able to login and my username is "'"

Did you try recently?  I am trying to pull up your profile and it kicks me out.

Apparently you deleted my profile now...

Nope you are still in there.  I can change your user name if you like....
full member
Activity: 196
Merit: 100
June 29, 2013, 03:22:57 PM
#29
I am able to login and my username is "'"

Did you try recently?  I am trying to pull up your profile and it kicks me out.

Apparently you deleted my profile now...
full member
Activity: 148
Merit: 100
June 29, 2013, 12:36:10 PM
#28
I am able to login and my username is "'"

Did you try recently?  I am trying to pull up your profile and it kicks me out.
full member
Activity: 148
Merit: 100
June 29, 2013, 12:33:15 PM
#27
I really hope for your own sake that you learn from this lesson and close this site before you get burned for real.
It's not just "I'll fix these bugs and it'll be ok". Trust me, there are more of them.

Come back after 2 years with enough experience to make this work.

Actually, why do I even bother about you? Some people just have to learn the hard way.
J.R.R. Tolkien - "The burned hand teaches best. After that, advice about fire goes to the heart."

"Look before you leap for as you sow, ye are like to reap."
Samuel Butler
full member
Activity: 196
Merit: 100
June 29, 2013, 12:00:22 PM
#26
I am able to login and my username is "'"
full member
Activity: 148
Merit: 100
June 29, 2013, 11:39:19 AM
#25
I have no idea what I am looking at.

I think some malformed database or query is the source but I hope this is not normal what I am seeing:


What is your user name?  If you do not use a common user name, it may be perceived as an attempt to penetrate the system, and then you will not be able to log in.

I see the most recent user that registered is named "."
full member
Activity: 196
Merit: 100
June 29, 2013, 08:44:22 AM
#24
I have no idea what I am looking at.

I think some malformed database or query is the source but I hope this is not normal what I am seeing:
full member
Activity: 148
Merit: 100
June 29, 2013, 08:39:01 AM
#23
Fixed XSS errors and added encrypted session hashing.

Working on SSL now.  Need to get my validation done and I will get it up and running shortly.
full member
Activity: 148
Merit: 100
June 28, 2013, 03:11:49 PM
#22
I did some light testing on your site.

I was able to register as the username admin.

You are running:
Apache/2.2.16 (Debian) Server at www.lendmecoin.com Port 80

This version is vulnerable.
http://httpd.apache.org/security/vulnerabilities_22.html

You also have some XSS vulnerabilities:



Another one would be that you have been logged out of lendmecoin.



Yes I did notice that you were able to register as the admin.  I will be solving XSS security issues sometime today after I get home from work.

Thank you for pointing out the vulnerabilities of the apache that I am currently using.  I will visit your link sometime this weekend and get anything that I have missed sorted out.

Thanks again for all the help.
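
For the two findings discussed in this post (a visitor registering the username admin, and XSS), a sketch of a registration-time username check combined with encoding on output. This is an added example, not part of the thread and not the site's code; the reserved-name list, the length and character rules, and all function names are assumptions.

```python
import html
import re
import unicodedata

# Hypothetical policy values; the thread does not describe the site's real rules.
RESERVED = {"admin", "administrator", "root", "support", "system"}
# 3-30 characters, starting and ending with a letter or digit.
ALLOWED = re.compile(r"[a-z0-9](?:[a-z0-9_.-]{1,28}[a-z0-9])")


def canonical(name: str) -> str:
    """Fold Unicode compatibility forms and case so look-alikes compare equal."""
    return unicodedata.normalize("NFKC", name).casefold().strip()


def check_username(name: str, taken: set[str]) -> tuple[bool, str]:
    """Return (ok, reason). The reason is meant to be shown to the user,
    so a rejected registration is never a silent failure."""
    c = canonical(name)
    if not ALLOWED.fullmatch(c):
        return False, "use 3-30 letters, digits, '_', '.' or '-'"
    if c in RESERVED:
        return False, "that name is reserved"
    if c in taken:  # 'taken' holds canonical forms of existing names
        return False, "that name is already registered"
    return True, "ok"


def render_profile_heading(name: str) -> str:
    """Encode at output time so a stored name can never become markup,
    even if it was accepted before the registration rules existed."""
    return "<h1>Profile: " + html.escape(name, quote=True) + "</h1>"


if __name__ == "__main__":
    # Constructed sample inputs, including names mentioned in the thread.
    existing = {"alice_01"}
    for candidate in ["admin", "ＡＤＭＩＮ", "'", ".", "Alice_01", "bob-2013"]:
        print(repr(candidate), check_username(candidate, existing))
    print(render_profile_heading("<b>'</b>"))
```

Validation at registration and encoding at output are independent controls: the second still protects pages that display names stored before the first was in place.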
vip
Activity: 1316
Merit: 1043
👻
June 28, 2013, 12:20:24 PM
#21
I did some light testing on your site.

I was able to register as the username admin.

You are running:
Apache/2.2.16 (Debian) Server at www.lendmecoin.com Port 80

This version is vulnerable.
http://httpd.apache.org/security/vulnerabilities_22.html

You also have some XSS vulnerabilities:



Another one would be that you have been logged out of lendmecoin.

sr. member
Activity: 406
Merit: 250
June 28, 2013, 08:54:20 AM
#20
just signed up... not qualified for anything.

How do I take a loan?  Was going to try it out.  Looks like a cool site.
full member
Activity: 148
Merit: 100
June 28, 2013, 07:04:23 AM
#19
So, how do I increase my credit score?

Your credit will increase over time automatically, if you have a valid bitcoin address in the system.  You can also complete loans, and that will give you a boost for every one that is completed.
full member
Activity: 223
Merit: 100
June 28, 2013, 03:08:07 AM
#18
So, how do I increase my credit score?
vip
Activity: 1316
Merit: 1043
👻
June 27, 2013, 10:21:13 PM
#17
I'm happy to look over your code and explain to you how to fix it (and how people can exploit it).
full member
Activity: 148
Merit: 100
June 27, 2013, 10:18:09 PM
#16
Any suggestions that do not involve having others do the work for me?

If my site crashes and burns I want to at least learn something from the experience.
hero member
Activity: 784
Merit: 1000
0xFB0D8D1534241423
June 27, 2013, 07:46:06 PM
#15
I am thinking of using BackTrack 5 to test my system.  Would anyone recommend something different for penetration testing?
You better hire a pentester.