Need help proofing an new website...

[Swiss Tony]

Hi all, have a looksie here and see if you can find a way through (ie bust it) I've just finished the site and need it DF tested..

Sigman

Cheers for all the help

Guys..

Post any errors you find here :-

Swiss

[whatnow]

how about this error?

Directory Listing Denied
This Virtual Directory does not allow contents to be listed.

This is for the index...

[Swiss Tony]

keep trying, i like this, and yep it should be secure

[Karoline]

This is the only thing you get on the site.. Directory Listing Denied
This Virtual Directory does not allow contents to be listed.

[whatnow]

back to the drawing board tony

[Swiss Tony]

haha just realised the error of my ways, put all the data on a dr server... ah well i'll try again and let you know once i've worked out my arse from my elbow

[Mario87]

" You are not authorized to view this page

You might not have permission to view this directory or page using the credentials you supplied.

--------------------------------------------------------------------------------

If you believe you should be able to view this directory or page, please try to contact the Web site by using any e-mail address or phone number that may be listed on the domain906735.sites.fasthosts.com home page.

You can click Search to look for information on the Internet.




HTTP Error 403 - Forbidden
Internet Explorer "

[Deadly]

Main page is loading now...and so is every link i tried...sure i missed a few though. Looks not bad

[skel28]

What screen size is it designed for? On the 17" widescreen laptop there is a sideways scroll bar.

[Deadly]

Im using a 17inch CRT...1024x768...none sideways scrollbars here...

[Ryan5262]

nice simple design but effective ! i like it nice work mate!

[whatnow]

there's a site critique section ya know, U might as well move this there

[flipper321]

Formatting issue -

Site works fine with no scroll bars except (from what I've found) - in OUR SERVICES

Integrity in performance
AND
Integrity in data
AND Under Integrity in storage the
Managed service section...

[willyboy]

Not bad at all mate. Well done

[Spennyboy]

there's a site critique section ya know, U might as well move this there

Very True, Done.

[zoro25]

by breaking it do you mean like this?
cp.sigman.co.uk leads to easy to crack password protected part of site (need to limit retries)
exchange.sigman.co.uk same as above limit retries
mailserver.sigman.co.uk times out for me (but something is there I could just be on the wrong port)
ssh.sigman.co.uk same thing but something is there times out
webmail.sigman.co.uk - BINGO - nice easy to crack entry - I can't be arsed and don't have the time but I would normally go to the software provider in this case fasthosts.co.uk and download a copy to check out the installation procedure and files and then try and root this way.
click on support on the webmail page and you get taken to fasthosts page where you can login there, only problem they have is they they are easy to exploit with SQL injection,
I'm not going to give a step by step guide but typing '1=1 (include the single quote) will prove the point. By using other forms of SQL injection I could a list of all users and their passwords if I had time on my hands.
http://webmail.sigman.co.uk/images/ - you need to turn off all directory browsing

If you block these login portals you will be more secure, and will not be inviting hackers.

z

[WTD]

great post m8 k+