PHP version changer
#15
[Not Solved] RE: PHP version changer
Like I said, 3 of them are using Suhosin; PHP 7 is for testing.
And remember, the Sentora panel is secured with Suhosin; it is the default. The other versions run on the domains the user specifies them to run on, as in the example post:
domain1.com php 5.5
domain2.com php 7
and so on. Now, the Sentora panel is secured by its Suhosin patch. Also, there are other methods to secure a server, not just the ones mentioned.

Security is not just for panels but for all sites.

I hope that makes sense to you.

There are some security issues I am looking into:
Code:
Login Cross Site Request Forgery (CSRF/XSRF)
What does this mean?
The web site seems to be lacking CSRF token on a login form.

What can happen?
An attacker can force an unsuspecting user to sign in to the attacker's account. What can be done
from there depends on the application. Example: An attacker can force an unsuspecting user to login
to the attacker's account, when the user then buys something the credit card is added to the attacker's
account.
Summary
Entry Found at CVSS
1 http://xxxxxxxx.tk/ 6.2
2 http://xxxxxxxxxxxx.tk/index.php 6.2
3 https://xxxxxxxxx/ 6.2
1. Login Cross Site Request Forgery (CSRF/XSRF)
Summary
Found at
http://xxxxxxxxx/
CVSS
6.2 of 10.0
Request Headers
GET / HTTP/1.1
Accept text/html application/xhtml+xml application/xml; q=0.9 image/webp */*; q=0.8
User-Agent Mozilla/5.0 (compatible; Detectify)

Host xxxxxxxx.tk
Cache-Control no-store, no-cache
Pragma no-cache
Accept-Encoding gzip deflate
Connection Keep-Alive
Response Headers
HTTP/1.1 200 OK
Pragma no-cache
Vary Accept-Encoding,User-Agent
Content-Encoding gzip
Keep-Alive timeout=15, max=150
Connection Keep-Alive
Content-Length 1860
Content-Type text/html; charset=UTF-8
Date Tue, 09 Feb 2016 01:50:17 GMT
Expires Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie PHPSESSID=xxxxxxxxxxxxxxxxxx; path=/
Server Apache/2.4.17 (Win32) mod_antiloris/0.6.0 mod_fcgid/2.3.9 OpenSSL/1.0.2e
PHP/5.6.15
X-Powered-By PHP/5.6.15
Details
<form role="form" method="post" name="frmZForgot" id="frmZForgot" style="display: none;">
<div class="form-group">
<label for="inPassword">E-mail:</label>
<div class="input-group merged">
<span class="input-group-addon"><i class="icon-mail"></i></span>
<input type="text" class="form-control" id="inputEmail" name="inForgotPassword"
placeholder="Email" required="">
</div>
</div>
<div class="form-group text-right">
<a href="javascript:void(0);" id="backtologin">(Back To Login)</a>
</div>
<button type="submit" class="btn btn-primary pull-right btn-margin" name="sublogin2"
value="LogIn">Sign in</button>
<input type="hidden" name="csfr_token"
value="8uu3y7kcg7a4wfugv0uwltexarrjskydic9kzeuskcludf7ckp"> </form>
<form role="form" method="post" name="frmZLogin" id="frmZLogin">
<div class="form-group">
<label for="inputUsername">Username:</label>
<div class="input-group merged">
<span class="input-group-addon"><i class="icon-user-male"></i></span>
<input type="text" class="form-control" id="inputUsername" name="inUsername"
placeholder="Username" required="">
</div>
</div>
<div class="form-group">
<label for="inPassword">Password:</label>
<div class="input-group merged">
<span class="input-group-addon"><i class="icon-key-1"></i></span>
<input type="password" class="form-control" id="inPassword" name="inPassword"
placeholder="Password" required="">
</div>
</div>
<div class="form-group text-right">
<a href="javascript:void(0);" id="forgotpw">(forgot password)</a>
</div>
<div class="form-group">
<input type="checkbox" data-label="Remember Me" name="inRemember"
value="1">Remember me
</div>
<div class="form-group">
<input type="checkbox" data-label="Enable Session Security"
name="inSessionSecurity" checked="">Enable Session Security
</div>
<button type="submit" class="btn btn-primary pull-right btn-margin" name="sublogin2"
value="LogIn">Sign in</button>
<input type="hidden" name="csfr_token"
value="8uu3y7kcg7a4wfugv0uwltexarrjskydic9kzeuskcludf7ckp"> </form>
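Added example, not part of the post above and not Sentora's code: one way a PHP login page can issue and verify the kind of login CSRF token the report describes, bound to the visitor's pre-login session. The field names come from the markup in the report; the function names and the `login_csrf` session key are assumptions made for illustration.

```php
<?php
// Added example: pre-session CSRF token for a login form (not Sentora code).
// The field name csfr_token is taken from the markup in the report above;
// the function names and the session key are hypothetical.

session_start();

/** Return the token bound to this visitor's session, creating it on first use. */
function login_csrf_token()
{
    if (empty($_SESSION['login_csrf'])) {
        // random_bytes() needs PHP 7+; on PHP 5.6 use openssl_random_pseudo_bytes(32).
        $_SESSION['login_csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['login_csrf'];
}

/** Constant-time check of the submitted token against the session copy. */
function login_csrf_valid($submitted)
{
    return is_string($submitted)
        && !empty($_SESSION['login_csrf'])
        && hash_equals($_SESSION['login_csrf'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = isset($_POST['csfr_token']) ? $_POST['csfr_token'] : null;
    if (!login_csrf_valid($token)) {
        // Reject before touching credentials: a cross-site page cannot read
        // this visitor's token, so a forged login request stops here.
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Application-specific check of inUsername / inPassword goes here.
    // After a successful login, rotate the session id and drop the used token.
    session_regenerate_id(true);
    unset($_SESSION['login_csrf']);
}
?>
<form method="post" name="frmZLogin">
    <input type="text" name="inUsername" required>
    <input type="password" name="inPassword" required>
    <input type="hidden" name="csfr_token"
           value="<?php echo htmlspecialchars(login_csrf_token(), ENT_QUOTES, 'UTF-8'); ?>">
    <button type="submit" name="sublogin2" value="LogIn">Sign in</button>
</form>
```

A hidden token field only helps if the server rejects a POST whose token is missing or does not match the session copy, so that is the behaviour to confirm when triaging a finding like this one.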

