
Login... – 9 Posts

  • Login...

    07/06/2005 09:20
    sniperkid's Avatar sniperkid 5440
    Didn't know quite where to put this, but how easily do you think this could be exploited? (This is part of my site, btw.)

    $username = $_POST['username'];
    $password = $_POST['password'];

    $query = "SELECT * From users WHERE username = '$username' AND password = '$password'";

    It also sets a cookie with the username and password, and every page that you open is tested to see if it exists and if it's correct.

    If you want to PM me instead of letting people exploit it ;) then feel free.
  • 07/06/2005 09:20
    sebasjm's Avatar sebasjm 350
    Hi sniperkid!

    I'm not so good with the exploit it! but I think I can help you, indeed I will try ;)
    < :teach: >
    First, the best thing you can do when you use variables from POST, GET, cookies, etc. is to first check that they exist, like this:

    $username = isset($_POST['username']) ? $_POST['username'] : "";
    $password = isset($_POST['password']) ? $_POST['password'] : "";

    So those 2 vars will always have a value, but they can't have just any value!!!

    What I would do is check that they have only chars from A to Z and a to z (or maybe 0 to 9 too), and if they don't, tell the user that he put in bad values. All these checks on the server, of course.

    And for the cookie, I suggest you use PHP sessions, because you have all the vars on the server side and they (the users) can't see anything except the PHP session ID. Otherwise they can change the value of the vars. (And you don't have to check if the user exists every time ;).)
    < / :teach: >
    I hope that it helps you :thumbsup:
    And let me know if I made a mistake up there, I'm learning too!! LOL

    Good Luck!

    EDIT: I almost forgot. Here is everything -----> php.net <-----

    SebaS!
  • 07/06/2005 09:20
    theblacksheep's Avatar theblacksheep 5610
    I would use:

    $username = mysql_escape_string($_POST['username']);
    $password = mysql_escape_string($_POST['password']);

    If you do not filter the input it might be possible to inject SQL information, depending on your PHP configuration.
  • 07/06/2005 09:20
    alt3rn4tiv3's Avatar alt3rn4tiv3 2940
    I usually check for isset() and empty() first, then I have a function which I always use (for MySQL or not):

    function aformat($msg) {
        $nmsg = urlencode(addslashes(htmlspecialchars(htmlentities($msg))));
        return $nmsg;
    }

    If necessary, I'll add regexp too.
  • 07/06/2005 09:20
    diskis's Avatar diskis 310
    That's pretty much what I usually use... but I do store the hash in the cookie, not the real pass:

    setcookie("usercookie", $user);
    setcookie("passcookie", md5sum($password));

    and then check it with:

    sanitycheck($_COOKIE["usercookie"]); // general-purpose filter, lets through a..z and 0..9
    $result = select password from users where user=$_COOKIE['usercookie']
    if (md5sum($result[password]) != $_COOKIE["passcookie"]) { die("don't tamper with your cookies, please"); } else { go on with code }

    Well, it used to add a bit of security, now it's just a nuisance, after those online reverse lookup tables for md5sums appeared :)
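As an added example that is not code from any poster in this thread: the login from the first post rewritten the way theblacksheep's escaping and diskis's cookie scheme are reaching for, with a prepared statement instead of string concatenation, a salted slow hash instead of md5, and a PHP session instead of a username/password cookie. The DSN, credentials, table and column names are assumptions.

```php
<?php
// Added example, not code from the thread. Assumed: a MySQL database at the
// placeholder DSN below and a users table with id, username, password_hash.
session_start();
$pdo = new PDO('mysql:host=localhost;dbname=app', 'dbuser', 'dbpass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

// Registration / password change: store a salted, slow hash. Unsalted md5
// is exactly what the online reverse lookup tables mentioned above defeat.
function store_password(PDO $pdo, int $userId, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT); // bcrypt, random salt
    $stmt = $pdo->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
    $stmt->execute([':h' => $hash, ':id' => $userId]);
}

// Login: the submitted values are bound as parameters, so a quote inside
// them can never close the string literal and be parsed as SQL, which is
// the problem with "... WHERE username = '$username' AND ...".
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() reads the salt out of the stored hash and compares safely.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);            // fresh session id after login
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

// The per-page include: the browser only holds the session id, so there is
// no password or hash in a cookie to tamper with, and no query on every page.
function require_login(): int
{
    if (empty($_SESSION['user_id'])) {
        header('Location: /login.php');
        exit;
    }
    return (int) $_SESSION['user_id'];
}

// Handling the login form: sebasjm's isset() check, in its modern spelling.
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (!login($pdo, $username, $password)) {
    exit('Invalid username or password');
}
```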
  • 07/06/2005 09:20
    brainpower's Avatar brainpower 170
    Use less common variables on the server side (e.g. $uname, $pswrd).
  • 07/06/2005 09:20
    sniperkid's Avatar sniperkid 5440
    It isn't my site, but from what I can understand it sets username = $username and password = $password (variables are entered values and are not null). And on every page (in an include bit) it checks the database to see if the username and password are correct; if they are then it displays the page, if they aren't then it removes the cookie and puts you back to the login page. I was thinking a bit of SQL injection for the password field but no success so far. I'll keep trying :devil4:.
  • 07/06/2005 09:20
    sebasjm's Avatar sebasjm 350
    Hi brainpower

    Using less common variables will make the source code less readable, I don't think that is a good idea.
    Maybe deny access to those vars and check all the inputs, but that is what it's all about, isn't it? :D

    bye
  • 07/06/2005 09:20
    brainpower's Avatar brainpower 170
    Hi sebasjm
    Yes, it will make the source less readable, but if they find a bug in the source (example: incorrect use of echo()) they will not find the vars like your password or something else so easily.

    Greets, Brainpower