Security issue?

Discuss the many weaknesses of browser security and ways to mitigate the threat

Security issue?

Post by jObooW on Mon Sep 20, 2010 6:24 am
([msg=46188]see Security issue?[/msg])

When I visited a very popular website today all it displayed was this in plain text:
string(973) "LoginusrnetherlandPasswordExtremely1Secret$Password!usrnetherlandExtremely1Secret$Password!oID40077417 " NULL


When I refreshed multiple times it didn't happen again, just that one time.
It looks like a part of an sql query containing a password, but it just seems so random to display this.

Any ideas if this could be a security threat, or what caused this and how it was caused?
If it means anything I'd report this instantly to the webmaster of the site for karma :D
jObooW
New User
New User
 
Posts: 2
Joined: Sat Aug 08, 2009 5:20 am
Blog: View Blog (0)


Re: Security issue?

Post by tremor77 on Mon Sep 20, 2010 8:55 am
([msg=46195]see Re: Security issue?[/msg])

Could have happened as a result of server load, or a connection failure between yourself and the host. A server service may have been shut off or restarting as well, so you may have caught a brief maintenance blip... That being said, it still is a problem of a poorly formed query or form submission that shouldn't be appearing on a well designed site. Any further details about the site, like if they are using a CMS or forum software.. etc.. I might be able to get more specific.
Image
User avatar
tremor77
Contributor
Contributor
 
Posts: 870
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
Blog: View Blog (0)


Re: Security issue?

Post by jObooW on Mon Sep 20, 2010 9:06 am
([msg=46197]see Re: Security issue?[/msg])

tremor77 wrote:Could have happened as a result of server load, or a connection failure between yourself and the host. A server service may have been shut off or restarting as well, so you may have caught a brief maintenance blip... That being said, it still is a problem of a poorly formed query or form submission that shouldn't be appearing on a well designed site. Any further details about the site, like if they are using a CMS or forum software.. etc.. I might be able to get more specific.

I don't think it was a connection failure between me and the host, because the string isn't returning in any headers.
They are probably using their own CMS, it's a dutch news website that is part of IDG.com, which is a pretty large company.
The servers run Red Hat with Apache, that's all I know :|
jObooW
New User
New User
 
Posts: 2
Joined: Sat Aug 08, 2009 5:20 am
Blog: View Blog (0)


Re: Security issue?

Post by 0xBEEF1337 on Sat Oct 02, 2010 4:19 pm
([msg=46918]see Re: Security issue?[/msg])

Delete.
0xBEEF1337
Experienced User
Experienced User
 
Posts: 75
Joined: Wed Jul 07, 2010 11:34 pm
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests