Is it possible to hack this admin page?


Post by schnapy on Wed Aug 25, 2010 1:09 pm

Hello,

I've created this admin login page. Can you help me tell whether it can be hacked, and how?
Is it vulnerable to SQL injection?

Code:
<?php

include_once('../_config/_config.php');
include_once('../_library/_library.php');
load_helpers(array('_mysql','_validation','_mailer','_template'),'../');

$template   = new Template('_template');
$validation = new Validation;
$mail       = new PHPMailer();
$database   = new MySQL(true, ''.DATABASE.'', ''.HOST.'', ''.USERNAME.'', ''.PASSWORD.'');

if ($database->Error()) $database->Kill();

$er_login   = '';
$no_login   = '';
$er_recover = '';
$no_recover = '';
$ok         = '';
$show       = '';

if (isset($_POST['login'])) {

    $source = array(
        'username' => @$_POST['username'],
        'parola'   => @$_POST['password']   // "parola" is Romanian for "password"
    );

    $rules = array(
        'username' => array('type'=>'string', 'required'=>true, 'min'=>1, 'max'=>50, 'trim'=>true),
        'parola'   => array('type'=>'string', 'required'=>true, 'min'=>1, 'max'=>50, 'trim'=>true)
    );

    $validation->addSource($source);
    $validation->addRules($rules);
    $validation->run();

    if (sizeof($validation->errors) > 0) {
        $er_login = $validation->errors;
    } else {
        // The query is built by string concatenation from the library's "sanitized" array
        $database->Query("SELECT `username`, `level` FROM admin WHERE `username`='".$validation->sanitized['username']."' AND `password`='".md5($validation->sanitized['parola'])."' AND active='1' LIMIT 1");

        if ($database->RowCount() == 1) {
            $admin = $database->RowArray(0, MYSQL_ASSOC);
            $_SESSION['ADMIN'] = $admin['username'];
            $_SESSION['LEVEL'] = $admin['level'];
            header('Location: '.SITE.'/admin/home/');
            exit();
        } else {
            // Romanian: "The login details for the administration area are incorrect!"
            $no_login = 'Datele de logare in partea de administrare sunt incorecte!';
        }
    }
}

if (isset($_POST['recover'])) {

    $source = array(
        'username' => @$_POST['username'],
        'email'    => @$_POST['email']
    );

    $rules = array(
        'username' => array('type'=>'string', 'required'=>true, 'min'=>1, 'max'=>50, 'trim'=>true),
        'email'    => array('type'=>'string', 'required'=>true, 'min'=>1, 'max'=>50, 'trim'=>true)
    );

    $validation->addSource($source);
    $validation->addRules($rules);
    $validation->run();

    if (sizeof($validation->errors) > 0) {
        $er_recover = $validation->errors;
    } else {
        // Same concatenation pattern as the login query
        $database->Query("SELECT `username`, `email`, `ID` FROM admin WHERE `username`='".$validation->sanitized['username']."' AND `email`='".$validation->sanitized['email']."' AND active='1' LIMIT 1");

        if ($database->RowCount() == 1) {
            $data = $database->RowArray(0, MYSQL_ASSOC);

            // A new 8-character password is generated and written immediately
            $password = random_string('alnum', 8);
            $database->Query("UPDATE admin SET `password`='".md5($password)."' WHERE ID='".$data['ID']."' LIMIT 1");

schnapy
New User
Posts: 1
Joined: Wed Aug 25, 2010 1:07 pm
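An added example, not the original poster's code nor his library's API: the same login check rewritten so that the submitted values are bound as parameters rather than concatenated into the SQL text, and the password is compared against a salted slow hash instead of a bare md5. It assumes a PDO connection (the DSN and the `HOST`/`DATABASE`/`USERNAME`/`PASSWORD`/`SITE` constants are placeholders taken from the post) and the `admin` table named in the post, with its `password` column now holding `password_hash()` output.

```php
<?php
// Added example: parameterised admin login for the `admin` table from the post.
// Assumes $db is a PDO handle and `admin`.`password` stores password_hash() output.

function admin_login(PDO $db, string $username, string $password): ?array
{
    // Same length limits the original validation rules enforce (1..50 chars, trimmed)
    $username = trim($username);
    if ($username === '' || strlen($username) > 50 || $password === '' || strlen($password) > 50) {
        return null;
    }

    // Prepared statement: the username travels as a bound parameter, so a quote
    // character inside it is compared literally and never parsed as SQL.
    $stmt = $db->prepare(
        'SELECT `username`, `password`, `level` FROM `admin`
          WHERE `username` = :username AND `active` = :active LIMIT 1'
    );
    $stmt->execute([':username' => $username, ':active' => '1']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks a salted, deliberately slow hash (bcrypt by default).
    // An unsalted md5 of a short password is recovered from precomputed tables quickly.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }

    // Issue a fresh session ID on privilege change so an ID obtained before login
    // cannot be reused for the admin session.
    session_regenerate_id(true);
    $_SESSION['ADMIN'] = $row['username'];
    $_SESSION['LEVEL'] = $row['level'];
    return ['username' => $row['username'], 'level' => $row['level']];
}

// Used wherever an admin password is set or changed: store a hash, never the value.
function store_admin_password(PDO $db, int $id, string $newPassword): void
{
    $stmt = $db->prepare('UPDATE `admin` SET `password` = :hash WHERE `ID` = :id LIMIT 1');
    $stmt->execute([
        ':hash' => password_hash($newPassword, PASSWORD_DEFAULT),
        ':id'   => $id,
    ]);
}

// Usage at the top of the admin page (DSN pieces are placeholders):
// $db = new PDO('mysql:host=' . HOST . ';dbname=' . DATABASE . ';charset=utf8mb4',
//               USERNAME, PASSWORD,
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
// session_start();
// if (isset($_POST['login'])) {
//     $admin = admin_login($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
//     if ($admin !== null) { header('Location: ' . SITE . '/admin/home/'); exit; }
//     $no_login = 'The login details for the administration area are incorrect.';
// }
```

`PDO::ATTR_EMULATE_PREPARES => false` makes the MySQL driver send the statement and the parameters separately (server-side prepare) instead of quoting them client-side, so the separation between query text and data is enforced by the server. Existing accounts whose `password` column still holds an md5 need a one-time migration to `store_admin_password()` before this check will accept them.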


Re: Is it possible to hack this admin page?

Post by Cryptovirus on Thu Aug 26, 2010 4:02 am

Not sure, but it appears that anyone can reset passwords knowing the username and email?
Cryptovirus
New User
Posts: 21
Joined: Wed Aug 25, 2010 7:37 am
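Added example, not from either post: a recovery flow in which knowing a username and e-mail address is not by itself enough to change the password. The "recover" form only issues a random single-use token that is e-mailed to the address already on file; the password changes when that token comes back within its validity window. It assumes a PDO handle, the `admin` table from the original post, and an extra table `admin_reset` (`token_hash`, `admin_id`, `expires_at` as a Unix timestamp) that this example introduces; the 30-minute lifetime is an arbitrary choice.

```php
<?php
// Added example: token-based password reset for the `admin` table from the post.
// Assumes a PDO handle and a table admin_reset(token_hash, admin_id, expires_at INT).

const RESET_TTL_SECONDS = 1800;   // assumed 30-minute validity window

// Step 1, the "recover" form. Returns the plaintext token to be e-mailed to the
// stored address, or null. The caller shows the same message in both cases so the
// form does not confirm which username/e-mail pairs exist.
function request_password_reset(PDO $db, string $username, string $email): ?string
{
    $stmt = $db->prepare(
        'SELECT `ID` FROM `admin`
          WHERE `username` = :u AND `email` = :e AND `active` = :active LIMIT 1'
    );
    $stmt->execute([':u' => trim($username), ':e' => trim($email), ':active' => '1']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }

    // 256-bit token from the CSPRNG. Only its hash is stored, so someone who can
    // read the table still cannot complete a reset with what is in it.
    $token = bin2hex(random_bytes(32));
    $ins = $db->prepare(
        'INSERT INTO `admin_reset` (`token_hash`, `admin_id`, `expires_at`)
         VALUES (:h, :id, :exp)'
    );
    $ins->execute([
        ':h'   => hash('sha256', $token),
        ':id'  => $row['ID'],
        ':exp' => time() + RESET_TTL_SECONDS,
    ]);
    return $token;   // goes into the e-mailed link; never into the HTTP response
}

// Step 2, the link is followed and a new password submitted. The token must be
// unexpired, and every outstanding token for that account is consumed on success.
function complete_password_reset(PDO $db, string $token, string $newPassword): bool
{
    $db->beginTransaction();
    $stmt = $db->prepare(
        'SELECT `admin_id` FROM `admin_reset`
          WHERE `token_hash` = :h AND `expires_at` > :now LIMIT 1 FOR UPDATE'
    );
    $stmt->execute([':h' => hash('sha256', $token), ':now' => time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        $db->rollBack();
        return false;
    }

    $db->prepare('DELETE FROM `admin_reset` WHERE `admin_id` = :id')
       ->execute([':id' => $row['admin_id']]);
    $db->prepare('UPDATE `admin` SET `password` = :p WHERE `ID` = :id LIMIT 1')
       ->execute([
           ':p'  => password_hash($newPassword, PASSWORD_DEFAULT),
           ':id' => $row['admin_id'],
       ]);
    $db->commit();
    return true;
}
```

Because the token is looked up by its SHA-256 hash, the comparison happens on a fixed-length random value rather than on anything the requester chose; the expiry check and the `DELETE` inside the transaction keep a token from being used twice or after its window.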


Re: Is it possible to hack this admin page?

Post by eggscrambler on Wed Nov 23, 2011 3:16 am

What you need to realize is that anything is hackable. It is impossible to make something that has no vulnerabilities. However, you can get rid of the more obvious vulns; just remember that, because it is essential.
eggscrambler
New User
Posts: 16
Joined: Thu Apr 28, 2011 11:30 pm


Re: Is it possible to hack this admin page?

Post by tremor77 on Wed Nov 23, 2011 2:32 pm

eggscrambler wrote: What you need to realize is that anything is hackable. It is impossible to make something that has no vulnerabilities. However, you can get rid of the more obvious vulns; just remember that, because it is essential.


I wouldn't say that; there are in fact many ways to develop a perfectly secure login, however not always as functional and friendly as they may need to be.

@schnappy: just reviewing your code isn't enough to tell me exactly how secure it may or may not be. Other factors come into play, such as the server hosting environment, PHP and MySQL versions, etc.

-Is it LAMP or IIS?
-Are there other security measures in place?
-Is this using an outdated version of PHP or MySQL?
-Did someone leave register_globals ON?
-Are there other portions of the website that use GET or POST methods that may not be directly associated with your login but still make calls to the database?
-Are the proper read/write permissions set?
-Is .htaccess being used and, if so, is it being used properly?

One thing I see is that you are using sessions; it should be known that sessions can be spoofed and hijacked.

You are also using the 'header' method as a redirect. This can also be exploited, as well as being tricky to program properly: injecting some characters or whitespace before the header output can potentially cause code or environment variables to be exposed.

Hope this helps.
tremor77
Contributor
Posts: 860
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York
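Added example, not part of tremor77's post: one way to make the session and the redirect that the admin page relies on harder to abuse. The cookie settings are the hardening for the "sessions can be hijacked" point; the redirect helper addresses the "output before header()" point by refusing to continue once headers are gone. Function names, the `ADMINSESSID` name and the 30-minute idle limit are this example's own choices, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: session hardening and a safe redirect helper for the admin area.
// Names, limits and the cookie path are assumptions, not values from the post.

const ADMIN_IDLE_LIMIT = 1800;   // assumed 30-minute idle timeout

// Call before session_start(). Each setting removes one way a session ID can
// leak or be reused; the defaults commented on the right were common in php.ini
// files of the period.
function configure_admin_session(): void
{
    ini_set('session.use_only_cookies', '1');   // default allowed ?PHPSESSID= in URLs (leaks via Referer, logs)
    ini_set('session.use_strict_mode', '1');    // reject IDs the server never issued (PHP >= 5.5.2)
    session_set_cookie_params([
        'lifetime' => 0,          // session cookie, discarded when the browser closes
        'path'     => '/admin/',  // not sent to the public part of the site
        'secure'   => true,       // only over HTTPS, so the ID is not readable on the wire
        'httponly' => true,       // not exposed to page scripts
        'samesite' => 'Strict',   // not attached to requests initiated by other sites
    ]);
    session_name('ADMINSESSID'); // separate from any public-site session
}

// Call on every admin page after session_start(). Returns false when the session
// should not be trusted, so the caller can send the visitor back to the login form.
function admin_session_valid(): bool
{
    if (empty($_SESSION['ADMIN'])) {
        return false;
    }
    $now = time();
    if (isset($_SESSION['LAST_SEEN']) && $now - $_SESSION['LAST_SEEN'] > ADMIN_IDLE_LIMIT) {
        session_unset();
        session_destroy();
        return false;
    }
    $_SESSION['LAST_SEEN'] = $now;

    // Rotate the ID every few minutes so a captured ID has a short useful life
    if (!isset($_SESSION['ROTATED']) || $now - $_SESSION['ROTATED'] > 300) {
        session_regenerate_id(true);
        $_SESSION['ROTATED'] = $now;
    }
    return true;
}

// Redirect helper. If output has already started (a stray space or BOM before
// "<?php" in an included file is the usual cause) header() cannot set Location:
// PHP raises a warning naming the script path and then serves the rest of the
// page as if the visitor were logged in. So: check headers_sent() and always exit.
function redirect_to(string $url): void
{
    if (headers_sent($file, $line)) {
        error_log("redirect_to: output already started at $file:$line");
        exit;
    }
    header('Location: ' . $url, true, 303);
    exit;
}

// Usage on an admin page (example values):
// configure_admin_session();
// session_start();
// if (!admin_session_valid()) {
//     redirect_to(SITE . '/admin/');
// }
```

The `exit` after `header('Location: ...')` matters independently of the output check: a redirect is only a response header, and a client that ignores it still receives whatever the script prints afterwards, so the protected content must not be generated at all.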


Re: Is it possible to hack this admin page?

Post by Defience on Wed Nov 23, 2011 3:18 pm

tremor77 wrote:
eggscrambler wrote: What you need to realize is that anything is hackable. It is impossible to make something that has no vulnerabilities. However, you can get rid of the more obvious vulns; just remember that, because it is essential.


I wouldn't say that; there are in fact many ways to develop a perfectly secure login, however not always as functional and friendly as they may need to be.

@schnappy: just reviewing your code isn't enough to tell me exactly how secure it may or may not be. Other factors come into play, such as the server hosting environment, PHP and MySQL versions, etc.

-Is it LAMP or IIS?
-Are there other security measures in place?
-Is this using an outdated version of PHP or MySQL?
-Did someone leave register_globals ON?
-Are there other portions of the website that use GET or POST methods that may not be directly associated with your login but still make calls to the database?
-Are the proper read/write permissions set?
-Is .htaccess being used and, if so, is it being used properly?

One thing I see is that you are using sessions; it should be known that sessions can be spoofed and hijacked.

You are also using the 'header' method as a redirect. This can also be exploited, as well as being tricky to program properly: injecting some characters or whitespace before the header output can potentially cause code or environment variables to be exposed.

Hope this helps.


+1
Defience
Addict
Posts: 1275
Joined: Thu Jun 12, 2008 3:16 pm


Re: Is it possible to hack this admin page?

Post by tremor77 on Wed Nov 23, 2011 3:25 pm

@defience: gratz on admin. When did this happen? I'm far too randomly active.
tremor77
Contributor
Posts: 860
Joined: Wed Mar 31, 2010 12:00 pm
Location: New York


Re: Is it possible to hack this admin page?

Post by Defience on Wed Nov 23, 2011 8:29 pm

tremor77 wrote: @defience: gratz on admin. When did this happen? I'm far too randomly active.


It's been like that for some time; doesn't mean much though 8-)
Defience
Addict
Posts: 1275
Joined: Thu Jun 12, 2008 3:16 pm


