Is this login exploitable?

Discuss the many weaknesses of browser security and ways to mitigate the threat

Is this login exploitable?

Post by xkr3wx on Fri Jun 26, 2009 6:55 pm
([msg=25955]see Is this login exploitable?[/msg])

iwas wondering if the login on "my website" is exploitable

any one who can find a weakness would be greatley thanked as it will help me "improve" the site

<label for="login-username" class="login-text">Username</label>
<input tabindex="1" type="text" class="login-field" name="credentials.username" id="login-username" value="user" maxlength="32" />
</li>
<li>
<label for="login-password" class="login-text">Password</label>
<input tabindex="2" type="password" class="login-field" name="credentials.password" id="login-password" maxlength="32" />
<input type="submit" value="Log in" class="submit" id="login-submit-button"/>
<a href="#" id="login-submit-new-button" class="new-button" style="margin-left: 0;display:none"><b style="padding-left: 10px; padding-right: 7px; width: 55px">Log in</b><i></i></a>
</li>
xkr3wx
New User
New User
 
Posts: 1
Joined: Fri Jun 26, 2009 6:49 pm
Blog: View Blog (0)


Re: Is this login exploitable?

Post by mischief on Fri Jun 26, 2009 7:28 pm
([msg=25956]see Re: Is this login exploitable?[/msg])

weaknesses in forms generally aren't found on the html side, but they can be.

weaknesses are usually found in the code that interprets the form data.
The whole secret of existence is to have no fear. Never fear what will become of you, depend on no one. Only the moment you reject all help are you freed.
--Buddha
User avatar
mischief
Poster
Poster
 
Posts: 355
Joined: Wed Jan 07, 2009 4:16 pm
Blog: View Blog (0)


Re: Is this login exploitable?

Post by einari on Mon Jul 27, 2009 8:40 am
([msg=27526]see Re: Is this login exploitable?[/msg])

If I may continue on the subject, I have small batch of pics I want to share via web and the simplest way to restrict access that I can think of is something along the lines:
Code: Select all
<? if( $_POST['pass'] == 'password' ) {
   echo"";
   } else {
   header( 'Location: login.html');
   } ?>

Rest of the page prints a table with pics

the directory has a blank index.html to prevent unauthorized viewing. I was wondering how big a risk there is that someone can make the page print stuff before headers and therefore get to see the rest of the page, which is plain html. The above is all the php there is. Am I completely out of my mind trying to keep this as simple as possible. (the pics are just random pics of my drunken friends, nothing too sensitive, but still somewhat better not to put them on open directory :))
einari
New User
New User
 
Posts: 2
Joined: Mon Jul 27, 2009 3:33 am
Blog: View Blog (0)


Re: Is this login exploitable?

Post by thedotmaster on Mon Jul 27, 2009 9:47 am
([msg=27527]see Re: Is this login exploitable?[/msg])

Edit: Oh crap, I just realised. The way you were doing it was fine. Still, this code will work for multiple files etc, as long as you have the second code snippet at the top.

First of all have a simple login form called 'login.php' or something.
Code: Select all
<?php
session_start();
if ($_SESSION['login'] == True) {
  header("location:SomePics.php");
}
if($_GET['login'] == 'true') {
  $user = $_POST['user'];
  $pass = $_POST['pass'];
  if ($user == 'username' && $pass == 'password') {
   $_SESSION['login'] = True;
   header("location:SomePics.php");
  } else {
   header("location:login.php?err=1");
  }
} else {
  if ($_GET['err'] == '1')
   echo "Invalid username and password';
  echo "<form action='login.php?login=true' method='post'><input type='text' name='user'/>";
  echo "<input type='password' name='pass'/>";
  echo "<input type='submit' value='Login' />";
}
?>


Then in 'SomePics.php', start off with:
Code: Select all
<?php
if ($_SESSION['login'] == True)
  header("location:login.php");
?>


This code hasn't been tested but should work. I don't code in PHP often so that may not also be the best nor most secure way to do things. However it will give you some basic security.
Note that anyone can go to the source directory of the images, unless you mess around with .htaccess

Hope this helped
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)


Re: Is this login exploitable?

Post by einari on Mon Jul 27, 2009 10:15 am
([msg=27529]see Re: Is this login exploitable?[/msg])

thedotmaster wrote:Edit: Oh crap, I just realised. The way you were doing it was fine. Still, this code will work for multiple files etc, as long as you have the second code snippet at the top.
8<---Snip---->8


yeah, goal is just to block the casual browser, hence the empty index.html and as little as possible to have anything 'breakable', that's why I didn't want to hassle with sessions etc.
That was the most simple solution I could think of and just wanted to see if I forgot something :)

Thanks for the input.

Btw. There shouldn't be a way to see the directory index when there is an index-file, or is there?
einari
New User
New User
 
Posts: 2
Joined: Mon Jul 27, 2009 3:33 am
Blog: View Blog (0)


Re: Is this login exploitable?

Post by thedotmaster on Mon Jul 27, 2009 12:05 pm
([msg=27534]see Re: Is this login exploitable?[/msg])

einari wrote:
thedotmaster wrote:Edit: Oh crap, I just realised. The way you were doing it was fine. Still, this code will work for multiple files etc, as long as you have the second code snippet at the top.
8<---Snip---->8


yeah, goal is just to block the casual browser, hence the empty index.html and as little as possible to have anything 'breakable', that's why I didn't want to hassle with sessions etc.
That was the most simple solution I could think of and just wanted to see if I forgot something :)

Thanks for the input.

Btw. There shouldn't be a way to see the directory index when there is an index-file, or is there?


:P
Nope there isn't, but you might want to stick a .htaccess in there, denying people access just in case.
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests

cron