Ethical Hacking
Charles256
- DevNet Resident
- Posts: 1375
- Joined: Fri Sep 16, 2005 9:06 pm
We got any of those in here? Slightly curious if my login script is secure and, well, wanted to know if anyone was interested in giving it a go.
Let me know if you are, either PM me or post in here and I'll PM you with the site.
I'd post the link in here but don't want it to be seen as advertising or anything like that.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
Roja wrote: Any attempts across a network are against both US law and international law.
Charles256 wrote: now that my friends is communism at its best...
How is this communism..
Charles256 wrote: it's actually login/registration, and when I get home I'll post the code on a site and color it pretty and everything so it's easy to read :-D
Post it here using [code] tags.
Charles256
Here is the registration page:
Code:
Please enter all of the requested information. Fields that are required the field name will be
<font color="#FF0000"> red </font>. All other fields are optional. All users will have to be
approved before they can login. When you are approved an e-mail will be sent to you with your username
and password. <br>
<br>
<?php
// Emit <option> elements for $from..$to, preselecting the value the user
// submitted last time (the six copy-pasted loops of the original collapsed
// into one function; behaviour is unchanged).
function options($from, $to, $selected)
{
    for ($i = $from; $i <= $to; $i++) {
        $sel = ((string)$selected === (string)$i) ? ' selected' : '';
        echo "<option value='$i'$sel>$i</option>\n";
    }
}
?>
<!-- "&amp;" rather than a bare "&": browsers read "&register" as the ® entity, which is how the original link came out as "®ister" -->
<form method="post" action="http://www.chalkheadbaptist.com/index.php?page=members&amp;register=yes&amp;procregister=yes">
<!-- note: every submitted value below is echoed back into the page unescaped -->
<table>
<tr>
<td><font color="#FF0000">Username</font>:</td>
<td><input type="text" name="username" value="<?php echo $username; ?>"></td>
<td><font color="#990099"><?php echo $usernamee; ?></font></td>
</tr>
<tr>
<td><font color="#FF0000">Password</font>:</td>
<td><input type="password" name="password" value="<?php echo $password; ?>"></td>
<td><font color="#990099"><?php echo $passworde; ?></font></td>
</tr>
<tr>
<td><font color="#FF0000">First Name</font>:</td>
<td><input type="text" name="fname" value="<?php echo $fname; ?>"></td>
<td><font color="#990099"><?php echo $fnamee; ?></font></td>
</tr>
<tr>
<td><font color="#FF0000">Last Name</font>:</td>
<td><input type="text" name="lname" value="<?php echo $lname; ?>"></td>
<td><font color="#990099"><?php echo $lnamee; ?></font></td>
</tr>
<tr>
<td><font color="#FF0000">E-Mail Address</font>:</td>
<td><input type="text" name="email" value="<?php echo $email; ?>"></td>
<td><font color="#990099"><?php echo $emaile; ?></font></td>
</tr>
<tr>
<td><font color="#FF0000">Birthday</font>:</td>
<td>
<!-- day runs 1-31 and month 1-12; the original had the two upper bounds swapped (day stopped at 12, month ran to 32) -->
<select name="day"><?php options(1, 31, $day); ?></select>
<select name="month"><?php options(1, 12, $month); ?></select>
<select name="year"><?php options(1900, 2004, $year); ?></select>
</td>
<td> </td>
</tr>
<tr>
<td><font color="#FF0000">Are you married?</font></td>
<td>
<?php
if ($married != '')
{
    // redisplay only the answer given on the previous attempt
    echo "<input type='radio' name='married' value='$married' checked>$married";
}
else
{
?>
<input type="radio" name="married" value="yes">Yes
<br>
<input type="radio" name="married" value="no" checked>No
<?php
}
?>
</td>
<td> </td>
</tr>
<tr>
<td>When were you married?</td>
<td>
<select name="mday"><?php options(1, 31, $mday); ?></select>
<select name="mmonth"><?php options(1, 12, $mmonth); ?></select>
<select name="myear"><?php options(1900, 2004, $myear); ?></select>
</td>
<td> </td>
</tr>
<tr>
<td align="right"><input type="submit" name="register" value="register"></td>
</tr>
</table>
</form>
Charles256
The login page:
Code:
Welcome. Below enter the user name and password you registered with.
<form name="login" action="index.php?page=members&testing=true" method="post">
<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" name="username">
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" name="password">
</td>
</tr>
<tr>
<td>
<input type="submit" name="login" value="login">
</td>
</tr>
</table>
</form>
<table border="1" bordercolor="#000000">
<tr>
<td>
<!-- "&amp;" rather than a bare "&": browsers read "&register" as the ® entity -->
<a href="http://www.chalkheadbaptist.com/index.php?page=members&amp;register=yes">Not Registered? Sign up!</a>
</td>
<td bordercolor="#000000">
Forgot your password?
</td>
</tr>
</table>
Charles256
Processing the registration:
Code:
<?php
// the opening brace closes a block whose start is not included in the post
{
$username=strtolower($_POST['username']);
$password=$_POST['password'];
$upassword=md5($password); // what gets stored: an unsalted md5 of the password
$lname=$_POST['lname'];
$fname=$_POST['fname'];
// zero-pad day and month to two digits (the original tested <= 10, which turned 10 into 010)
$day=$_POST['day'];
if ($day < 10)
{
$day='0'.$day;
}
$month=$_POST['month'];
if ($month < 10)
{
$month='0'.$month;
}
$year=$_POST['year'];
$married=$_POST['married'];
$mday=$_POST['mday'];
if ($mday < 10)
{
$mday='0'.$mday;
}
$mmonth=$_POST['mmonth'];
if ($mmonth < 10)
{
$mmonth='0'.$mmonth;
}
$myear=$_POST['myear'];
$email=strtolower($_POST['email']);
$error='false';
if (empty($username))
{
$usernamee="You didn't enter anything into this field, please enter something.";
$error='true';
}
// $result is a query over the member table that the post does not show; only its
// first row is compared here, so a clash with any other existing member goes unnoticed
$name=mysql_fetch_object($result);
if ($username==$name->Username)
{
$usernamee="That username is already taken, please try another one.";
$error='true';
}
if (ereg("[^a-zA-Z0-9]", $username))
{
$usernamee="Please only enter letters and numbers.";
$error='true';
}
if (empty($password))
{
$passworde="You didn't enter anything into this field, please enter something.";
$error='true';
}
if (ereg("[^a-zA-Z0-9]", $password))
{
$passworde="Please only enter letters and numbers.";
$error='true';
}
if (empty($fname))
{
$fnamee="You didn't enter anything into this field, please enter something.";
$error='true';
}
if (ereg("[^a-zA-Z0-9]", $fname))
{
$fnamee="Please only enter letters and numbers. For example leave out your middle name. ";
$error='true';
}
if (empty($lname))
{
$lnamee="You didn't enter anything into this field, please enter something.";
$error='true';
}
if (ereg("[^a-zA-Z0-9]", $lname))
{
$lnamee="Please only enter letters and numbers. For example, exclude your title. I.E.- Jr.";
$error='true';
}
if (empty($email))
{
$emaile="You didn't enter anything into this field, please enter something.";
$error='true';
}
if ( !eregi('^[-a-z0-9!#$%&\'*+/=?^_<{|}~]+(\.[-a-zA-Z0-9!#$%&\'*+/=?^_<{|}~]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z0-9-]{2,}$', $email) )
{
$emaile = "Please enter a valid E-mail address.";
$error='true'; // missing in the original, so an invalid address was still inserted
}
if ($email==$name->Email)
{
$emaile="Someone else is already using that e-mail address.";
$error='true';
}
}
Code:
if ($error=="false")
{
// the submitted values are interpolated into the SQL exactly as received
$sql=mysql_query("INSERT INTO member(Username, Password, Fname, Lname, Email, Bday, Married, Dmarried) VALUES ('$username','$upassword','$fname','$lname','$email','".$day.$month.$year."','$married','".$mday.$mmonth.$myear."')");
?>
Congratulations, you have successfully registered. Your registration information is as follows. Unfortunately, your account will have to be activated before you can log in. Save the information from this page for future reference.<br>
<br>
<?php
echo (" Username: $username <br> Password: $password <br> First Name: $fname <br>
Last Name: $lname <br> E-Mail Address: $email <br> Birthday:".$day.$month.$year."<br>");
if ($married=='no')
{
echo("Married: $married");
}
if ($married=='yes')
{
echo("Married: $married<br>Date Married:".$mday.$mmonth.$myear."<br>");
}
// the plaintext password is shown on the page and mailed to the user
$message = "Thank you for registering $fname $lname.\nYour login information is as follows.\nUsername: $username\nPassword:$password\nWithin forty eight hours your account should be activated.\n Thank you for your patience.\n\nIf you received this e-mail without registering at the site mentioned contact webmaster@chalkheadbaptist.com immediately.\nBy doing so we can take steps to make sure whatever error occurred is promptly fixed.";
$to=$email;
$subject="Thank you for registering at ChalkheadBaptist.com";
$headers='From:webmaster@chalkheadbaptist.com'."\r\n".'Reply-To:webmaster@chalkheadbaptist.com'."\r\n";
mail($to, $subject, $message, $headers);
}
Charles256
And logging in. If you have read this far you are probably a saint.
Code:
<?php
if ($_REQUEST['testing']=='true')
{
$password=md5($_POST['password']);
$username=strtolower($_POST['username']);
// the username goes into the query exactly as submitted
$nresult=mysql_query("SELECT * FROM member WHERE Username='$username'");
$row=mysql_fetch_object($nresult); // false when the query matched no row
if (mysql_num_rows($nresult) != 1 OR $password != $row->Password)
{
?>
Invalid username or password, please try <a href="http://www.chalkheadbaptist.com/index.php?page=members">again.</a>
<?php
}
else if ($row->Active=='0')
{
echo ("While your name is registered you have not been approved. As such you do not have access to any of our member functions yet. We apologize for any inconvenience.");
}
// the branch for an approved user is not included in the post
}
John Cartwright
I don't really have time right now to look over your code at the moment, but at a quick glance I see a few things you should probably change.
Code:
$username=strtolower($_POST['username']);
You have not sanitized this variable, which is extremely dangerous especially during log-ins.
You should ALWAYS sanitize every piece of input possible.. never trust the user.. EVER
Code:
$username=strtolower(mysql_real_escape_string($_POST['username']));
Probably better to change your query to something like
Code:
$password=md5($_POST['password']);
$username=strtolower(mysql_real_escape_string($_POST['username']));
$nresult=mysql_query("SELECT * FROM member WHERE Username='$username' AND Password = '$password' LIMIT 1");
if (mysql_num_rows($nresult))
{
//now fetch the object
$row=mysql_fetch_object($nresult);
}
Along with mysql_real_escape_string I would probably convert all input to html_entities() just in case they tried inserting malicious code
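The login from this thread carried through with a prepared statement, as an added example that is not code from the thread or from the site it discusses: the username is bound as a query parameter instead of being escaped into the SQL string, and the thread's unsalted md5 is replaced with password_hash(), a change beyond what the reply above suggests. It runs on an in-memory SQLite database; the member table's columns, the sample user and the DSN are constructed here.

```php
<?php
// Added example, not the thread's code: the thread's login with the username
// bound as a query parameter and the password stored with password_hash()
// instead of md5(). In-memory SQLite so it runs stand-alone; the table follows
// the thread's "member" table and the sample user is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE member (Username TEXT PRIMARY KEY, Password TEXT NOT NULL, Active INTEGER NOT NULL)");

// Registration side: new accounts start unapproved (Active = 0), as in the thread.
function register(PDO $db, string $username, string $password): void
{
    $stmt = $db->prepare("INSERT INTO member (Username, Password, Active) VALUES (?, ?, 0)");
    $stmt->execute([strtolower($username), password_hash($password, PASSWORD_DEFAULT)]);
}

// Login side. With a placeholder, a quote or keyword inside $username is data,
// never part of the statement, which is what the escaping call was aiming for.
// Returns 'ok', 'inactive' or 'invalid' without saying which field was wrong.
function login(PDO $db, string $username, string $password): string
{
    $stmt = $db->prepare("SELECT Password, Active FROM member WHERE Username = ? LIMIT 1");
    $stmt->execute([strtolower($username)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against a throwaway hash when no row matched, so an unknown
    // username costs about the same time as a wrong password.
    $hash = $row ? $row['Password'] : password_hash('placeholder', PASSWORD_DEFAULT);
    if (!password_verify($password, $hash) || !$row) {
        return 'invalid';
    }
    return $row['Active'] ? 'ok' : 'inactive';
}

register($db, 'Alice', 'correct horse battery');
echo login($db, 'alice', 'correct horse battery'), "\n";   // before the admin approves the account
$db->exec("UPDATE member SET Active = 1 WHERE Username = 'alice'");
echo login($db, 'alice', 'correct horse battery'), "\n";   // after approval
echo login($db, 'alice', 'wrong password'), "\n";
// A username containing a quote is simply a username that does not exist.
echo login($db, "o'connor", 'anything'), "\n";
```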
Charles256
Jcart wrote: Post it here using [code] tags
500+ lines? Ahh... nevermind... he's posted already