Javascript login?

Discuss the many weaknesses of browser security and ways to mitigate the threat

Post by Shaldivar on Wed May 04, 2011 2:43 am

Attempting to crack a relative's website (as a personal challenge for an extremely new hacker) I came across the admin login page and the login javascript but I can't seem to find the right exploit and how to utilise it...

I was wondering if it was possible to change the 'true' to 'false' in the login check, or if there's an XSS method?
I'd like to be able to get through but I'm not looking for a straight-out answer, making this no real challenge, instead pointers would be great.

Thanks in advance!
~K

Code:
<script type="text/javascript">
function logIn(){
   var lIcon = '<img src="editor_images/indicator.gif" />';
   var login_a = jQuery("#login_a").val();
   var pass_a = jQuery("#pass_a").val();
   // Only submit when both fields are filled in
   if(login_a != "" && pass_a != ""){
      jQuery("#logempty").html(lIcon);
      jQuery("#logempty").fadeIn();
      // The credentials are checked by admin.php on the server, not in this script
      jQuery.ajax({
         type: "POST",
         url: "admin.php",
         data: "extramode=login&login_a="+encodeURIComponent(login_a)+"&pass_a="+encodeURIComponent(pass_a),
         success: function(data){
            //alert(data);
            if(data == 'OK'){
               var Url = 'admin.php?';
               // LiveEdit only adds a query parameter to the redirect
               if(jQuery("#LiveEdit").attr('checked')==true)
                  Url = Url+'&LiveEdit=1';
               jQuery(".fheader").text("Preloading content...");
               jQuery("#mainLoginTable").fadeOut();
               jQuery("#mainLoginTd").css({'padding':'10px'});
               jQuery("#mainLoginTd").html(lIcon);

               window.location.href=Url;
            } else if (data == 'FAIL'){
               jQuery("#loginMsg").html("<strong>Password (or login) is incorrect!</strong><br /><br />");
               jQuery("#logempty").fadeOut();
            }
         }
      });
   }
}
</script>

Re: Javascript login?

Post by mutantsrus on Mon May 09, 2011 7:52 pm

Not sure if this would work with JQuery, but you may be able to edit the value via inline JS like so:
javascript:jQuery("#LiveEdit").attr('checked', true)
and if that doesn't work you could try something like:
javascript:document.getElementById("LiveEdit").checked="true"

Once again, not sure at all if this would work with JQuery. You could give it a shot though.


Re: Javascript login?

Post by Goatboy on Mon May 09, 2011 8:26 pm

The authentication is sent to the admin.php page. Even if you did manage to get the JQuery to think the password was right, the content returned from admin.php would not be.
Assume that everything I say is or could be a lie.


Re: Javascript login?

Post by mutantsrus on Mon May 09, 2011 9:58 pm

Goatboy wrote: The authentication is sent to the admin.php page. Even if you did manage to get the JQuery to think the password was right, the content returned from admin.php would not be.


After looking at it again, I see that Goatboy is right. The page content is pulled from a remote php file that doesn't rely on the JQuery for authentication. So even if you did trick the local aspect of the login, the server-side part would refuse to load your content. It's sorta like the timer on Programming missions here at HTS. Even if you edit the timer shown on the page you still run out of time. The timer is just for the user to see, while the actual time left is being counted server-side.
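The point made in the replies above, as an added example that is not part of the original thread or the site's own code: a small Node.js model of a login that is enforced server-side. The `login` and `adminPage` functions, the in-memory session store and the sample account are assumptions standing in for whatever admin.php actually does.

```javascript
// Added illustration (hypothetical names): what the server side of a login
// like the one posted above has to do for the page script not to matter.
const crypto = require('node:crypto');

// Constructed sample account; a real server stores a per-user salt and hash.
const SALT = crypto.randomBytes(16);
const USERS = new Map([['admin', crypto.scryptSync('correct horse', SALT, 32)]]);
const sessions = new Set(); // session ids issued by the server itself

// Models the extramode=login request: verify first, issue a session second.
function login(loginA, passA) {
  const stored = USERS.get(loginA);
  const supplied = crypto.scryptSync(String(passA), SALT, 32);
  // Constant-time comparison; an unknown login never reaches the compare.
  const ok = stored !== undefined && crypto.timingSafeEqual(stored, supplied);
  if (!ok) return { body: 'FAIL', cookie: null };
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.add(sid);
  return { body: 'OK', cookie: sid };
}

// Models any later admin.php request: the decision comes from the session
// store, never from what the browser-side script believes happened.
function adminPage(cookie, query) {
  if (!sessions.has(cookie)) return { status: 403, body: 'login required' };
  const live = query.LiveEdit === '1';
  return { status: 200, body: live ? 'admin panel (live edit)' : 'admin panel' };
}

// Models a page script that treats every reply as 'OK' and redirects anyway.
function clientThatAssumesOK(loginA, passA) {
  const reply = login(loginA, passA); // reply.body may well be 'FAIL'
  return adminPage(reply.cookie, { LiveEdit: '1' });
}
```

The redirect only changes which URL the browser asks for; without a session id that the server issued, the request is answered with the login-required response.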


Re: Javascript login?

Post by Shaldivar on Tue May 10, 2011 4:15 am

So, if what I'm seeing is interpreted right, this is an example of a well-secured JavaScript-based login page?

Re: Javascript login?

Post by Goatboy on Tue May 10, 2011 4:32 am

In so many words, yes.