Login Bypass...


Post by sandsphinx on Sat Sep 12, 2009 6:48 am

Hi guys, I was just wondering, I was on my site recently and I tried to access the directory /storage/thumbnails/
Now the directory /storage is locked and basically you enter a webpage that asks you to log in with a username and a password. Now I was wondering whether anyone could give me techniques on how anyone could bypass that login page. I've looked through the source and tried to see if there were any holes; it seems pretty tight though...


Re: Login Bypass...

Post by sanddbox on Sat Sep 12, 2009 11:39 am

I'm going to assume you're trying to penetration test your own site, not hack someone else's.

Well, there's a number of ways.

1). Keylog whoever types in the password

2). SQL Injection (unlikely), it's a bit more likely to be able to retrieve the password hashes with sql injection and crack those

3). Session ID hijacking

And a few others. Be sure you haven't hardcoded the password as sam loves to do.


Re: Login Bypass...

Post by thedotmaster on Sat Sep 12, 2009 4:53 pm

People assume that to bypass a login you have to attack the login form. That is not the case. Sanddbox, the poster above, says that SQL injection is unlikely. In the login form itself, he would be correct, but in the rest of the site it is quite likely that there will be security flaws.
A flaw in a comments script, for example, may be used to access any table in a database. You send input to the site in a number of ways, more ways than you would think.
The most obvious input is that which you send in the URL.
Next would be form data, but this can come in two types. Text fields can be manipulated as you like, but it is often overlooked that other fields - such as radio buttons and check-boxes - can also be manipulated. Hidden fields too can be manipulated. At the end of the day, it may not be a web browser that is submitting that data.
Cookies are another way input is sent to the server.
User agents and referers - two things that may be stored in a database to record visitor stats - are another form of input.

It is also important to remember the outputs. The most obvious is your screen as a dynamically generated website, but others include a file on the server and a server log (injecting PHP code into a webserver log is often used in LFI attacks). Databases are another final destination of your input.
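The point in the post above that headers and "fixed-choice" form fields are input like any other, shown from the defending side as an added example that is not part of the original thread. It uses Python with an in-memory SQLite database as a stand-in for the site's own stack; the `visits` table, the `plan` field and the request values are constructed for illustration.

```python
import sqlite3

# Constructed request: every part is client-controlled, including headers,
# cookies and "fixed-choice" form fields such as radio buttons and hidden inputs.
REQUEST = {
    "headers": {
        "User-Agent": "Mozilla', 'https://forged.example/') --",
        "Referer": "https://real.example/page",
    },
    "form": {"plan": "admin"},  # the radio button only offered "free" / "paid"
}
ALLOWED_PLANS = {"free", "paid"}


def log_visit_concat(db, req):
    """Weak form: header values are pasted into the SQL text."""
    h = req["headers"]
    db.execute("INSERT INTO visits (ua, referer) VALUES ('%s', '%s')"
               % (h["User-Agent"], h["Referer"]))


def log_visit_bound(db, req):
    """Hardened form: header values are bound as data, never parsed as SQL."""
    h = req["headers"]
    db.execute("INSERT INTO visits (ua, referer) VALUES (?, ?)",
               (h["User-Agent"], h["Referer"]))


def validated_plan(req):
    """Re-check a 'fixed-choice' field on the server against an allowlist."""
    plan = req["form"].get("plan")
    return plan if plan in ALLOWED_PLANS else None


def stored_row(log_fn):
    """Log the constructed request into a fresh stats table and read it back."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (ua TEXT, referer TEXT)")
    log_fn(db, REQUEST)
    return db.execute("SELECT ua, referer FROM visits").fetchone()


if __name__ == "__main__":
    print("concatenated:", stored_row(log_visit_concat))
    print("bound:       ", stored_row(log_visit_bound))
    print("plan accepted:", validated_plan(REQUEST))
```

In the concatenated version the stored referer no longer matches what the request carried, which is the sign that a header value was parsed as part of the query; the bound version stores both headers verbatim.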


Re: Login Bypass...

Post by sandsphinx on Mon Sep 14, 2009 11:45 am

Thanks a lot for this. Basically now I'm going to create a "to-do list" of some of the points you have given, and make sure I have either checked them and made sure they have no flaws, and if they do, make sure I fix them.


Re: Login Bypass...

Post by thedotmaster on Mon Sep 14, 2009 2:27 pm

Feel free to post source code up in a pastebin, such as: http://pastebin.com
Remember to remove all MySQL passwords, etc., if you do this - and don't paste URLs to your site (in case a vuln is found and exploited).