Login mission :)

Discuss the many weaknesses of browser security and ways to mitigate the threat

Login mission :)

Post by VeseliTigar on Tue Jul 27, 2010 7:02 pm
([msg=42847]see Login mission :)[/msg])

Hey folks i have mission for anyone interested, i made a simple login application.
So anyone who is interested here's the link.

http://php.budeei.com/index.php

I own that domain name 100%. Who break it send me how did you hack so i could improve it cheers. :D :D
VeseliTigar
New User
New User
 
Posts: 8
Joined: Thu Jul 22, 2010 3:53 pm
Blog: View Blog (0)


Re: Login mission :)

Post by Goatboy on Tue Jul 27, 2010 7:19 pm
([msg=42848]see Re: Login mission :)[/msg])

It'd be nice if it were in English.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2788
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Login mission :)

Post by VeseliTigar on Tue Jul 27, 2010 7:25 pm
([msg=42849]see Re: Login mission :)[/msg])

Goatboy wrote:It'd be nice if it were in English.

I thought i translated it. My bad.
VeseliTigar
New User
New User
 
Posts: 8
Joined: Thu Jul 22, 2010 3:53 pm
Blog: View Blog (0)


Re: Login mission :)

Post by tucak on Wed Jul 28, 2010 4:49 am
([msg=42868]see Re: Login mission :)[/msg])

lokacija.php throws back a parse error.
If you get the "Your login is coming from unfamiliar location!" page, the go back link is not working.
tucak
New User
New User
 
Posts: 47
Joined: Wed Jun 04, 2008 12:20 pm
Blog: View Blog (0)


Re: Login mission :)

Post by VeseliTigar on Wed Jul 28, 2010 9:09 am
([msg=42879]see Re: Login mission :)[/msg])

tucak wrote:lokacija.php throws back a parse error.
If you get the "Your login is coming from unfamiliar location!" page, the go back link is not working.


Hmmm i tried it now, but it is okay with me. I'll check up code carefuly to see where's the error. Thx anyway :)
VeseliTigar
New User
New User
 
Posts: 8
Joined: Thu Jul 22, 2010 3:53 pm
Blog: View Blog (0)


Re: Login mission :)

Post by tucak on Wed Jul 28, 2010 9:46 am
([msg=42882]see Re: Login mission :)[/msg])

Its working now :)

Heres how to login to another account without password, if you know the username:
1. Login as your user
2. Change your projectlogin cookie to the target's (or you will need to go through them blindly, becouse you dont know your targets projectlogin, its a normal integer)
3. Open http://php.budeei.com/lokacija.php?name=[user]&code=[md5] where user is your target and md5 is the md5 of the first 3 numbers of your ip (eg.: for 1.2.3.4 it is md5(123))
4. on profile.php go through projectlogin until it says "[username] dobro dosli."
It worked for me.
tucak
New User
New User
 
Posts: 47
Joined: Wed Jun 04, 2008 12:20 pm
Blog: View Blog (0)


Re: Login mission :)

Post by sanddbox on Wed Jul 28, 2010 10:50 am
([msg=42885]see Re: Login mission :)[/msg])

tucak wrote:lokacija.php throws back a parse error.
If you get the "Your login is coming from unfamiliar location!" page, the go back link is not working.


Sounds like it wants a different referer.
Image

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat
User avatar
sanddbox
Expert
Expert
 
Posts: 2337
Joined: Sat Jul 04, 2009 5:20 pm
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests