Closed

correct and add features to asp script - repost

Make existing ASP script compatible with Chrome and Firefox, remove some security bugs, add some extra features.

The script is similar to these [url removed, login to view]; it can be downloaded from here

[url removed, login to view]

I want to add navigation at the end of the page,

example here : [url removed, login to view]

make the script compatible with Chrome and Firefox and add some extra features

and remove some security bugs in the search and login forms,

from these files:

[url removed, login to view]

I have one other script to remove these security bugs from too,

here:

[url removed, login to view]

bug 1:
Vulnerability Text:
CGI Generic SQL Injection (2nd pass)

Nessus Output:
Port: 80/tcp

During testing for arbitrary command execution (time based; intrusive) vulnerabilities; SQL errors were noticed; suggesting that the scripts / parameters listed below may also be vulnerable to SQL Injection (SQLi).

-------- request --------
POST /Search/default1.asp HTTP/1.1
Host: 141.29.2.20
Accept-Charset: iso-8859-1;utf-8;q=0.9;*;q=0.1
Accept-Language: en
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Content-Length: 185
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif; image/x-xbitmap; image/jpeg; image/pjpeg; image/png; */*

search=Search&date=20130211112146&category=13&keywords=%7C%7C%20ping%20-c%203%20127.0.0.1%20;%20x%20%7C%7C%20ping%20-i%203%20127.0.0.1%20;%20x%20%7C%7C%20ping%20-n%203%20127.0.0.1%20%26
------------------------

-------- output --------
<!--begin content-->
<h1>Search</h1><p>Search the blog by enteri [...]
<p>Microsoft JET Database Engine</font> <font face="Arial" size=2>error '80040e14'</font>
<p> <font face="Arial" size=2>Syntax error (missing operator) in query [...]
------------------------

During testing for arbitrary command execution (time based) vulnerabilities; SQL errors were noticed; suggesting that the scripts / parameters listed below may also be vulnerable to SQL Injection (SQLi).

-------- request --------
POST /Search/default1.asp HTTP/1.1
Host: 141.29.2.20
Accept-Charset: iso-8859-1;utf-8;q=0.9;*;q=0.1
Accept-Language: en
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Content-Length: 92
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif; image/x-xbitmap; image/jpeg; image/pjpeg; image/png; */*

search=Search&date=20130211112146&category=13&keywords=%26%20ping%20-n%203%20127.0.0.1%20%26
------------------------

-------- output --------
<!--begin content-->
<h1>Search</h1><p>Search blog by enteri [...]
<p>Microsoft JET Database Engine</font> <font face="Arial" size=2>error '80040e14'</font>
<p> <font face="Arial" size=2>Syntax error (missing operator) in query [...]
------------------------

Suggested Resolution:
Modify the relevant CGIs so that they properly escape arguments.

bug 2:
OS: MS / Windows Server 2003 R2 Service Pack 2
Vulnerability ID: 1CN55903
Vulnerability Text:
CGI Generic Cross-Site Scripting (extended patterns)

Nessus Output:
Port: 80/tcp

Using the GET HTTP method; Nessus found that :

+ The following resources may be vulnerable to cross-site scripting (extended patterns) :

+ The 'QueryString' parameter of the /hata-takip/Login.asp CGI :

/hata-takip/Login.asp?QueryString=509"%20src="http://www.example.com/exploit509.js

-------- output --------
</td>
<td class="DataTD">
<input type="hidden" name="ret_page" value=""><input type="hidden" name= "querystring" value="509" src="http://www.example.com/exploit509.js">
<input type="hidden" name="FormName" value="Login">
<input type="text" name="Login" value="" maxlength="50">
------------------------

Suggested Resolution:
Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.

Skills: ASP, HTML, Website Design


About the Employer:
(11 reviews) Istanbul, Turkey

Project ID: #4350929

8 freelancers are bidding on average $194 for this job

shmai

ASP expert is here; for more see PM. Regards,

$225 USD in 6 days
(209 Reviews)
7.1
Vikaskukki

Hi, hope you are doing good. I am ready to get this done for you; please provide me the website URL and FTP details. Thanks

$210 USD in 5 days
(16 Reviews)
5.1
amanmahal07

Having 8+ yrs of experience in [url removed, login to view] provide you with quality [url removed, login to view]

$199 USD in 7 days
(10 Reviews)
3.5
tCognition

I am a Graphics/Web Designer/Developer with 8+ years of professional experience. I specialize in CMS designs (WordPress, Joomla, Drupal), ecommerce (Magento, Zencart, Opencart) and responsive themes. I Specialize

$250 USD in 3 days
(1 Review)
3.1
aqm163

I have put a private message to bid on this project.

$180 USD in 3 days
(0 Reviews)
0.0
arpitadwivedi

We have gone through the details of your project. We have a specialized team of software professionals who can complete your project very efficiently. We have done different kinds of assignments and would be pleased t

$150 USD in 10 days
(0 Reviews)
0.0
shakeel1

Hi, I have 8 years of experience in classic ASP, .NET, C#, SQL, JavaScript and web-based applications. I will give you lifetime support of your application free of cost. Please reply and give a chance to work with you

$200 USD in 9 days
(0 Reviews)
0.0
rajeshmyle

Hi, I have very good experience in Classic ASP, I'm good at fixing the issues. I worked with BT, TDC (Denmark) and Telenor (Sweden). Please look at my profile below. I am working as a Senior Consultant in India. As

$140 USD in 3 days
(0 Reviews)
0.0