Breach Password PHP thing

[siolnangaidheal]

Hi, Started learning this stuff for fun but got delayed by exams and crap.
To the point, I while playing the part of someone who knows what they are talking about with computers to get a favor from someone they asked me how secure their login page was. Stupidly I said not very.

This is it...

<html>
<head><title>Quick PHP Password Protection</title></head>
<body>
<center>
<h1>Quick PHP Password Protection</h1>
<span class="messages">Buddy, nice try, but wrong password or username. This is your attempt #3</span>
<div class="content">
<form action="login.php" method="POST">
<p>Username: <input type="username" name="username" value="" /></p>
<p>Password: <input type="password" name="password" value="" /></p>
<input type="submit" value="Login" name="submit" />
</form>
</div>
</center>
</body>
</html>

Not expecting much, I got myself into this but I'd appreciate if anyone could point out any obvious flaws or is it pretty secure?

Thanks

[WallShadow]

First off, welcome to HTS,

Second, just from the form that we see, there is very little that we can tell about it. We'd need to see the php script behind this in order to tell if there are significant weaknesses. You could try some SQLi, but he probably has that covered if he is already challenging you, unless he is retarded, in which case go ahead and try SQLi.

Oh, before I forget:

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.

in case that wasn't clear enough yet.

[not_essence2]

Well, he will have to give you more information. At least, a website containing this and a fully functional version, as in actual usernames and passwords exist. Hard to determine without. Make him give you a URL. Otherwise, you have to tell the guy to bug off unless he comes back with one, because like WallShadow said, it's hard to determine with just that. You can complain that this form is exactly all that you get in a real-life situation, but if you go through the missions, you'll see what we're talking about.
I don't know much except for what the missions on this site calls for. You might want to explore those first, and stall with your friend.

[siolnangaidheal]

Hi, thanks for the reply. I have got a URL but I was reluctant to post it on a hacker forum that I had no experience of. I tried SQLi but that failed, couldn't get an error.

If you could tell me where I could access the script I could post it here. I also asked my friend for the script but I think he's just going to laugh at me.

I think this is the same thing here: http://codecanyon.net/item/quick-php-password-protection-login-system/97808

[LoGiCaL__]

@OP. You're looking at the wrong page. Like WallShadow said, you need to look at the source of the script itself (login.php) to actually tell how secure it is. The script is server side so unless you can find some kind of vuln where you can view it expect to test it without being able to see the source.

[siolnangaidheal]

@OP. You're looking at the wrong page. Like WallShadow said, you need to look at the source of the script itself (login.php) to actually tell how secure it is. The script is server side so unless you can find some kind of vuln where you can view it expect to test it without being able to see the source.

That is login.php, I'm going to use a website crawler to look for webpages it could be on but I think it's hidden.

[LoGiCaL__]

Yeah, but it's not showing the php code which is how the login is actually performed.

[not_essence2]

Maybe we could do a table-based SQLi? (Using the UNION ALL to bring out the tables)
Or we could just make an account there ourselves, and XSS whoever we want to gain access to, steal the cookies and copy them in for ourselves?

[LoGiCaL__]

You could always just download that pre-made login that was posted and create your own page and test it that way.

[siolnangaidheal]

So how would I use "UNION ALL" ?