Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Could YOU hack THIS?

  1. Home
  2. Forum
  3. Webmasters Lounge
  4. Could YOU hack THIS?

ghost's Avatar

ghost

0 0

nice title heh? just wondering if any of you would no how to exploit this code? im not posting my site obviously but i got the code free and dont know php.

	Please login.<br>
	<br>
	<form action="http://www.mysite.com/auth.php" method="post">
	Username:<input type="text" name="username"><br>
	Password:<input type="password" name="passwd"><br>
	<input type="submit" name="sitename_authsubmit" value="Login"><br>
	</form>

thanks for any help:P


ghost's Avatar

ghost

0 0

Ummmm…. one would kinda need to know the PHP script behind the HTML !Q!

Thats just the html form!

To know whether or not your script is secure we need to know the following about the script:

Did you clean the user input? Are you using a database or txt files? if(database) did you escape mysql chars? Is there a SSL?

unless I am misunderstanding your question you need to be a little more specific and include a tad bit more information.

Poko


ghost's Avatar

ghost

0 0

eeem…..it's HTML?

how can you exploit html?

if you don't mean exploiting the data sent when logging in..:right:

EDIT:

someone got it before me ^^

btw Poko, he said "i got the code free and dont know php." which obviously means he don't know SQL or any other DB language..


ghost's Avatar

ghost

0 0

I dunno WOULD you MIND actually KNOWING what YOU'RE talking ABOUT?


richohealey's Avatar

richohealey

Python Ninja
0 0

lesserlightsofheaven wrote: I dunno WOULD you MIND actually KNOWING what YOU'RE talking ABOUT?

SOMETIMES my SPACE bar ALSO switches MY caps LOCK too.

On another note, you are a fool, you can't emploit html, it's a fucking markup language.


ghost's Avatar

ghost

0 0

Why are you guys being so hard on him? This is a site to learn HACKING, he had a question and posted it on the forum so if you don't like the question don't respond…this is what keeps "noobs" from learning.


ghost's Avatar

ghost

0 0

EDIT:

someone got it before me ^^

btw Poko, he said "i got the code free and dont know php." which obviously means he don't know SQL or any other DB language..

no but if he got it for free he should know how to paste the source of those scripts to this forum for us to look at.

i was just giving examples of what we would be looking for and things he might be able to google and learn a little about for himself.

unless its not his script and its another "hack this for me" … and poorly done..

so my friend. Post the script here the part that is in between the <?php and ?> tags…. for us to check out and actually be able to help you.


ghost's Avatar

ghost

0 0

Yeah, definitely need more info. and guys, don't flame or be harsh on him, how else do we learn but by asking questions? OK, so there are ways, but questions definitely speed it along!