Javascript login?

[Shaldivar]

Attempting to crack a relative's website (as a personal challenge for an extremely new hacker) I came across the admin login page and the login javascript but I can't seem to find the right exploit and how to utilise it...

I was wonderring if it was possible to change the 'true' to 'false' in the login check, or if there's an XSS method?
I'd like to be able to get through but I'm not looking for a straight-out answer, making this no real challenge, instead pointers would be great.

Thanks in advance!
~K

Code: Select all

<script type="text/javascript">
function logIn(){   
var lIcon = '<img src="editor_images/indicator.gif" />';
var login_a = jQuery("#login_a").val();
var pass_a = jQuery("#pass_a").val();
//
if(login_a != "" && pass_a != ""){   
   jQuery("#logempty").html(lIcon);
   jQuery("#logempty").fadeIn();
jQuery.ajax({
   type: "POST",
   url: "admin.php",
   data: "extramode=login&login_a="+encodeURIComponent(login_a)+"&pass_a="+encodeURIComponent(pass_a),
   success: function(data){
         //alert(data);
      if(data == 'OK'){
      var Url = 'admin.php?';      
      if(jQuery("#LiveEdit").attr('checked')==true)
         var Url = Url+'&LiveEdit=1';
      jQuery(".fheader").text("Preloading content...");
      jQuery("#mainLoginTable").fadeOut();
      jQuery("#mainLoginTd").css({'padding':'10px'});
      jQuery("#mainLoginTd").html(lIcon);
      
      window.location.href=Url;
      } else if (data == 'FAIL'){
      jQuery("#loginMsg").html("<strong>Password (or login) is incorrect!</strong><br /><br />");
      jQuery("#logempty").fadeOut();
      }
   }
});
}
}
</script>


[mutantsrus]

Not sure if this would work with JQuery, but you may be able to edit the value via inline JS like so:
javascript:jQuery("#LiveEdit").attr('checked')="true"
and if that doesnt work you could try something like:
javascript:document.getElementById("LiveEdit").checked="true"

Once again, not sure at all if this would work with JQuery. You could give it a shot though.

[Goatboy]

The authentication is sent to the admin.php page. Even if you did manage to get the JQuery to think the password was right, the content returned from admin.php would not be.

[mutantsrus]

The authentication is sent to the admin.php page. Even if you did manage to get the JQuery to think the password was right, the content returned from admin.php would not be.

After looking at it again, I see that Goatboy is right. The page content is pulled from a remote php file that doesn't rely on the JQuery for authentication. So even if you did trick the local aspect of the login, the server-side part would refuse to load your content. It's sorta like the timer on Programming missions here at HTS. Even if you edit the timer shown on the page you still run out of time. The timer is just for the user to see, while the actual time left is being counted server-side.

[Shaldivar]

So, if what I'm seeing is interpreted right, this is an example of a well secured java script based login page?

[Goatboy]

In so many words, yes.