I'm worried about a site my client is linking to. It's using JavaScript only to sanitize its user registration form, which goes into a locally hosted DLL and Ajax. Everything is visible and accessible from the browser, which doesn't seem safe to me. Is there any way for an attacker to gain access to or deface my client's site in a different domain on a different server?
I'm also a little concerned about my client's site itself, as my client has been running an obnoxious spam campaign in well-known hacker hangouts. It's running PHP, Apache 2.2.3 on CentOS. There's only one publicly accessible locally hosted page and the only links from it are to (1) a PHP script that redirects to the vulnerable partner and (2) some trashy JavaScript that tries to sucker the user into following the first link. The main page accepts a user id as an argument, but it doesn't appear to do anything. There are user inputs, but they're never submitted.
My client is also using the PHP version of GeoIP, for which I could swear I remember hearing about an exploit that allows read-only access to random users via unsanitized input. All of the GeoIP scripts are accessible from the web; in addition, two initialization scripts reside in the same folder, init.php and lp_init.php, the latter of which seems to dish out 500 error codes.
How much of this sounds vulnerable to you all? My client's spam targets are well known for DDoS attacks and defacement. What would they use to get in? What sort of payload are we vulnerable to? How permanent would the damage be?


