  1. #1
    o_O O_o BlueFire2k5
    Join Date: Mar 2003; Location: Sioux Falls, SD; Posts: 475

    Another test hacking...

    If anyone would be kind enough to try and hack into my site (http://www.max-evolution.com/news.php) it would be greatly appreciated. I'm still quite new to PHP and learning as I am trying to program a CMS for my site. It's not all done yet, as you can see, and it still needs a lot of work.

    Thanks a lot.

  2. #2
    SitePoint Addict -Ice-php
    Join Date: May 2002; Location: UK; Posts: 260
    not so much a hacking thing but on members.php
    it says my date registered is
    Thursday, January 01, 1970 12:00 AM

    Which of course it isn't! LOL
    seems good
    -Ice

  3. #3
    o_O O_o BlueFire2k5
    Quote, originally posted by -Ice-php:
        not so much a hacking thing but on members.php
        it says my date registered is
        Thursday, January 01, 1970 12:00 AM

        Which of course it isn't! LOL
        seems good

    Yeah, that was because register.php wasn't updated yet. It should work fine now.

    Other than the fact that my site seems to be down right now...

  4. #4
    SitePoint Wizard HarryF
    Join Date: Nov 2000; Location: Switzerland; Posts: 2,479
    OK - was nicely into a hack and your server went down. May try again some other time but here's some comments at first glance.

    You've coded with register_globals on - bad news. Although in theory it's not a problem, in practice we'll see - probably there's a hole there to exploit.

    Have a read of this: http://www.sitepoint.com/article/758 - highly recommended.

    Otherwise in your login form, I find this;

    Code:
    <input type="hidden" name="redirect" value="/news.php">
    <input type="hidden" name="hidheaders" value="1">

    Now don't tell me what they do yet - I'm just interested because I can reproduce them myself and see what it does...

    More some other time.

  5. #5
    o_O O_o BlueFire2k5
    Quote, originally posted by HarryF:
        OK - was nicely into a hack and your server went down. May try again some other time but here's some comments at first glance.

        You've coded with register_globals on - bad news. Although in theory it's not a problem, in practice we'll see - probably there's a hole there to exploit.

        Have a read of this: http://www.sitepoint.com/article/758 - highly recommended.

        Otherwise in your login form, I find this;

        Code:
        <input type="hidden" name="redirect" value="/news.php">
        <input type="hidden" name="hidheaders" value="1">

        Now don't tell me what they do yet - I'm just interested because I can reproduce them myself and see what it does...

        More some other time.

    o_O, 'hidheaders'...

    No idea what that is, don't even remember coding that... o_o

    /me goes to look and see if he can find out what that is...

    Edit:

    Seems like that's the only script that it's in... Must have started to do something and then changed...
    Last edited by BlueFire2k5; Mar 18, 2003 at 12:06.

  6. #6
    o_O O_o BlueFire2k5
    Yay, server is back up.

  7. #7
    SitePoint Wizard HarryF
    OK - site down again I'm afraid.

    Found one hack which may or may not be serious; you're relying on the cookie variables where you store the username, hash and userid simply to exist - I can modify these and it still looks like I'm logged in although it says I'm logged in as '' (no name). Re-check the values on every page view.

    In general don't put this sort of information in a cookie - if anyone "sniffs" your connection they'll get a username/hash combination which they can use to log in to your site. Sessions are much better.

    I was just onto what may be another potential hack when the site went down... You need to check usernames / passwords for space characters. There's now a user called "Blue "...

    Enough already.

  8. #8
    o_O O_o BlueFire2k5
    Quote, originally posted by HarryF:
        OK - site down again I'm afraid.

        Found one hack which may or may not be serious; you're relying on the cookie variables where you store the username, hash and userid simply to exist - I can modify these and it still looks like I'm logged in although it says I'm logged in as '' (no name). Re-check the values on every page view.

        In general don't put this sort of information in a cookie - if anyone "sniffs" your connection they'll get a username/hash combination which they can use to log in to your site. Sessions are much better.

        I was just onto what may be another potential hack when the site went down... You need to check usernames / passwords for space characters. There's now a user called "Blue "...

        Enough already.

    Ahh, good points. Never thought of checking for spaces...

    Thanks for everything that you've done to help!
    Last edited by BlueFire2k5; Mar 18, 2003 at 15:30.

  9. #9
    SitePoint Wizard HarryF
    OK - got in briefly and it went down again. Did manage to log in with my dummy account; told me I was logged in as 'Blue' (no space...). Could be very serious.
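
The username problem raised in this thread (an account registered as "Blue " alongside "Blue") is avoided by reducing every username to one canonical form before it is stored or compared. The following is an added example, not code from the site under test; the character policy and the in-memory `$users` array are assumptions made for illustration.

```php
<?php
// Added example: canonicalise usernames before storing or comparing them.
// Assumed policy: 3-20 characters, letters, digits and underscore only.

function canonical_username(string $raw): ?string
{
    // Reject instead of silently trimming, so "Blue " can never be
    // registered as a second account that displays as "Blue".
    // \A and \z anchor the whole string; "$" would allow a trailing newline.
    if (!preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $raw)) {
        return null;
    }
    return strtolower($raw); // uniqueness is checked case-insensitively
}

function register(array &$users, string $raw, string $password): string
{
    $name = canonical_username($raw);
    if ($name === null) {
        return 'invalid username';
    }
    if (isset($users[$name])) {
        return 'username taken';
    }
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
    return 'ok';
}

// Constructed sample input; $users stands in for the users table.
// The login path must call canonical_username() on its input as well.
$users = [];
$attempts = ['Blue', 'Blue ', ' Blue', "Blue\t", 'blue', 'B lue'];
foreach ($attempts as $attempt) {
    $result = register($users, $attempt, 'example-password');
    printf("%-10s => %s\n", json_encode($attempt), $result);
}
```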

  10. #10
    o_O O_o BlueFire2k5
    I've been rethinking the way I store the variables, and really all I need to store in a cookie would be the sessionhash, since it is updated in the database every time someone logs in (sessionhash is based on microtime()). Do you think that would help the security? (I really haven't used PHP session commands before and it would require re-doing a lot of things, so I would like to see if the cookies can be secure enough.)

    I'm also working on the space in username on registration bug.

  11. #11
    SitePoint Wizard HarryF
    Why use cookies at all? If you switch off register globals, all you need will be code like;

    PHP Code:
    session_start();

    echo ( $_SESSION['username'] );
    echo ( $_SESSION['hash'] );

    Have a search here for some session related posts and you should find answers. Sessions are the way to go...
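
The two designs discussed in posts #10 and #11 come down to the same rule: the browser holds only an opaque identifier, and the server looks up the identity behind it on every page view. The following is an added example, not code from either poster; the `sessionhash` cookie name is taken from post #10, while `$store`, `SESSION_TTL` and the function names are assumptions made for illustration.

```php
<?php
// Added example: the cookie carries only a random token. User id and expiry
// live server-side and are re-checked on every request.
// $store is a constructed in-memory stand-in for a sessions table.

const SESSION_TTL = 1800; // seconds; assumed value

function issue_token(array &$store, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32));     // from the CSPRNG, not microtime()
    $store[hash('sha256', $token)] = [      // keep only a hash of the token
        'user_id' => $userId,
        'expires' => $now + SESSION_TTL,
    ];
    return $token;                          // the value placed in the cookie
}

function current_user(array &$store, array $cookies, int $now): ?int
{
    $token = $cookies['sessionhash'] ?? '';
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                        // missing or malformed cookie
    }
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    if ($row === null || $row['expires'] < $now) {
        unset($store[$key]);                // forget expired sessions
        return null;
    }
    return $row['user_id'];                 // identity comes from the server
}

// Constructed walk-through with a fixed clock.
$store = [];
$now   = 1000000;
$token = issue_token($store, 42, $now);

$requests = [
    'valid token'         => [['sessionhash' => $token], $now + 60],
    'forged token'        => [['sessionhash' => str_repeat('0', 64)], $now + 60],
    'edited user cookies' => [['username' => 'Blue', 'userid' => '1'], $now + 60],
    'expired token'       => [['sessionhash' => $token], $now + 7200],
];
foreach ($requests as $label => [$cookies, $when]) {
    printf("%-20s => %s\n", $label, json_encode(current_user($store, $cookies, $when)));
}
```

When the token is sent to the browser, set the cookie with the Secure and HttpOnly flags so it is not exposed over plain HTTP or to page scripts.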

  12. #12
    SitePoint Addict sojomy
    Join Date: Jul 2002; Location: Dallas, TX; Posts: 349
    Quote, originally posted by HarryF:
        Why use cookies at all? If you switch off register globals, all you need will be code like;

        PHP Code:
        session_start();

        echo ( $_SESSION['username'] );
        echo ( $_SESSION['hash'] );

        Have a search here for some session related posts and you should find answers. Sessions are the way to go...

    Well I hate to jump on the bandwagon, but, well, I'm a bandwagon jumper. HarryF, I still consider myself new at PHP (after a year) and I'm using sessions for my logins. You want to see how "well" it works?
    http://www.lethalgamers.com
    You can use the login page on the left menu, or go to some other pages that require a login (like "LAN Events" at the top left).

    Also, I just wanted to thank you (again) for the myAddSlashes() function you showed me (and everyone else in your article) a long time ago. I started using it in every one of my sites so that it will work whether magic_quotes_gpc is on or off. I also made the reverse function - myStripSlashes() - and found a few uses for it.

    Do you think someone should add a forum under the PHP forum called "Request to review/hack into my website"? Each thread could be a request/discussion about one URL. Maybe?

  13. #13
    o_O O_o BlueFire2k5
    Quote, originally posted by sojomy:
        Well I hate to jump on the bandwagon, but, well, I'm a bandwagon jumper. HarryF, I still consider myself new at PHP (after a year) and I'm using sessions for my logins. You want to see how "well" it works?
        http://www.lethalgamers.com
        You can use the login page on the left menu, or go to some other pages that require a login (like "LAN Events" at the top left).

        Also, I just wanted to thank you (again) for the myAddSlashes() function you showed me (and everyone else in your article) a long time ago. I started using it in every one of my sites so that it will work whether magic_quotes_gpc is on or off. I also made the reverse function - myStripSlashes() - and found a few uses for it.

        Do you think someone should add a forum under the PHP forum called "Request to review/hack into my website"? Each thread could be a request/discussion about one URL. Maybe?

    Hm, I think that wouldn't be a bad idea. If the people hacking them have enough time, that is.

