
Hacking PHP login


ghost:

I'm looking for some information on where to look to find exploits in a PHP login.

I have my own copy of ALL the files for the script, so I can go through the code to find exploits; I just don't have any access to the actual login I want to crack.

As far as I can tell the login is custom coded in PHP (not some login from somewhere like hotscripts). It has just login and password fields, with a forgot-my-password feature. To retrieve the password you need user + email address, and I don't know/have access to either.

Where should I start to look to find exploits? Would it help if I posted the script and/or gave the URL to my own version of the script hosted on my own servers on my own domain? (No legal trouble.)

Thanks for any help.

edit: I'm sure you'll need to know most specifics; just ask me and I can check them out, or I can post the URL to the code and/or to the code hosted and working (again, on my own servers).

edit number 2: There is no limit to how many times you can try a password/username before you are banned or a captcha appears.


spyware (Banned):

Well, you pose an excellent question. What you basically want to know is: how does one identify exploitable bugs in a login script written in PHP?

Let me give you a few tips to get started. Check out the following:
- Input filtering
- Cookie management
- SQL database interaction
- 'Are you logged in?' procedures

Everything starts with input filtering. Faulty filtering can enable XSS, SQL injection and redirection attacks.

I hope this helped.
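An added example, not code from this thread or from trixus's script, walking spyware's four checkpoints in a PHP login written both the exploitable way and the hardened way: input concatenated into SQL beside a prepared statement with a hashed password, session handling that regenerates the id and issues a per-session token (in contrast to the fixed token value trixus describes in the form posted later in the thread), a server-side "are you logged in?" check, and output escaping plus a redirect-target check. The table and column names (users, user_name, password, pw_hash) and the in-memory SQLite rows are assumptions made for the demo.

```php
<?php
// Added example, not from the thread. Table/column names are assumptions.
declare(strict_types=1);

// --- 1. SQL interaction -----------------------------------------------------
// Vulnerable pattern: user input concatenated straight into the query.
// A user_name of   admin' --   comments out the password comparison:
//   ... WHERE user_name = 'admin' -- ' AND password = '...'
function loginVulnerable(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM users WHERE user_name = '$user' AND password = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the prepared statement keeps input as data, and the
// password is checked against a stored hash in PHP, not inside the SQL.
function loginSafe(PDO $db, string $user, string $pass): ?int
{
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE user_name = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pw_hash'])) {
        return null; // identical response for "no such user" and "wrong password"
    }
    return (int) $row['id'];
}

// --- 2. Cookie / session management ------------------------------------------
// Regenerate the session id on login so a cookie planted before authentication
// (session fixation) is useless, and mint a fresh CSRF token per session. A
// token that is the same for every visitor protects nothing.
function startAuthenticatedSession(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id']    = $userId;
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

// --- 3. "Are you logged in?" procedure ---------------------------------------
// Trust only server-side session state. Grep the code for checks on
// client-controlled values such as $_COOKIE['logged_in'] or a hidden field.
function requireLogin(): int
{
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }
    return (int) $_SESSION['user_id'];
}

// --- 4. Input filtering: output escaping (XSS) and redirect targets -----------
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Only follow a "next" parameter that is a local absolute path; reject full
// URLs, protocol-relative "//host", and backslash variants browsers normalise.
function safeRedirectTarget(string $next, string $default = 'index.php'): string
{
    if ($next === '' || $next[0] !== '/' || str_starts_with($next, '//')
        || str_contains($next, '\\') || str_contains($next, ':')) {
        return $default;
    }
    return $next;
}

// --- Demo against constructed data in an in-memory SQLite database -----------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, user_name TEXT, password TEXT, pw_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (user_name, password, pw_hash) VALUES (?, ?, ?)');
$ins->execute(['admin', 'correct horse', password_hash('correct horse', PASSWORD_DEFAULT)]);

echo "vulnerable login, injected username: ";
var_dump(loginVulnerable($db, "admin' --", 'anything'));
echo "prepared-statement login, same input: ";
var_dump(loginSafe($db, "admin' --", 'anything'));
echo "prepared-statement login, real credentials: ";
var_dump(loginSafe($db, 'admin', 'correct horse'));
echo "redirect target for //evil.example/: ";
var_dump(safeRedirectTarget('//evil.example/'));
```

Run it with `php login_example.php` (PHP 8 with the pdo_sqlite extension). The point for code review is the shape of each function, not the demo: when reading someone else's login.php, look for the string-built query, for a password compared inside SQL rather than with password_verify, for a logged-in check that reads a cookie or hidden field, and for a redirect that accepts whatever the request supplied.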


Uber0n (Member):

trixus wrote: I have my own copy of ALL the files for the script so I can go through the code to find exploits, I just don't have any access to the actual login I want to crack.

Do you mean that you have a mirror of the HTML pages, or that you have the actual PHP source? There's a big difference there :p


ghost:

If you have an exact copy of the PHP it would help loads; you can see exactly what is filtered from input, and the SQL tables and columns that it interacts with, to perform SQL injections of your own, lol. PS: how did you manage to get the copy of the PHP code? PPS: does the page use LFI? Because if it does and you know the variables, cookies etc., use an RFI attack to get admin, possibly... I dunno, I'm tired, so just spitballing here, lol. Hope it helps at all.


ghost:

Use a spider to try and see what you can download.


ghost:

I have ALL the files, not just the HTML. I have a 100% exact replica. I can put it up on my server as a live version: 100% the same script/code that I want to hack. If I put it up on my server, would you guys be willing to help me out a little bit?

THIS IS NOT ALL THAT I HAVE; this is just what is shown on the login.php for the login:

<form method="post" action="">
    <!-- random-looking value in here, but it is always the same -->
    <input type="hidden" name="token" value="xxx"/>

    <tr>
        <td>Username:</td>
        <td><input id="user_name" type="text" name="user_name" value=""/></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td>
            <input id="user_password" type="password" name="user_password"/>
            <span id="lostpw">(<a href="lost-pass.php">I forgot my password/username</a>)</span>

fashizzlepop (Member):

So you do have the SQL queries?


spyware (Banned):

Trixus, you need to take a look at the PHP code and the SQL queries. The HTML is kind of irrelevant here.


Uber0n (Member):

spyware wrote: The HTML is kind of irrelevant here.

Correction: The HTML is totally irrelevant here.


korg (Admin from hell):

trixus said what?:
I can put it up on my server as a live version. 100% the same script/code that I want to hack

My question would be... Why are we trying to help someone hack a login if he can't do it himself? Learning is the first step.


Uber0n (Member):

trixus said what?:
I can put it up on my server as a live version. 100% the same script/code that I want to hack

korg wrote: My question would be... Why are we trying to help someone hack a login if he can't do it himself? Learning is the first step.

Because we get turned on when people say that they have source code. Duh ;)


korg (Admin from hell):

Oh, I see your point now; it's like porn. HMM, maybe he should host it so we can try to hack his server... or, I mean, the script, for him.


fashizzlepop (Member):

Ooooh, that hit the spot there, Korg... :P


ghost:

It's funny how everything is always so sexual with you, korg.