login.php
is there a way to crack a login.php form, i have successfully cracked a login.asp with simple sql injection, but this login.php is giving me trouble, a little push in the right direction would be helpful
Well it depends severely on what the form is, whether it is a POST login form or if it is using XML files to determine it's login information. SQL attacks or the like, myysql_real_escape_string, a hundred other bits of information.
What restrictions did you put on the file?
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
not letting me post
heres a link to html source it wouldnt let me post it here
i Do have the .php source but i would like to do it without trying to use the source
deleted
Well the nearest reference I can find is at*:
Control Panel
And the page gives me enough information to know (at least in part) how to proceed, but unfortunately I'm disinclined to mention anything.
Perhaps if you paste us the source so that at least we can figure out which direction to send you in?
*When I say reference I mean "much of the source is exactly the same as what you tried to strip out", so I'm betting it's the actual page.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.
Well your example that you found is pretty damn close it is for interspire, the only part i stripped out was the actual url for obvious reseans, it is my site and for some resean it woudnt let me post the html in the forum so i loaded the login html to another site that i control lets see if it will let me post the .php code you know what its in a PM
what about this one:
<!-- <h1>User Login</h1> -->
<div style="padding: 10px">
<p>
You must login for access.
</p>
</div>
<table border="0" cellpadding="5" cellspacing="0"style="padding:10px;width:300px;">
<tr>
<td style="border: 1px solid #cccccc" valign="top">
<form method="post" action="/admin/user.login.php" name="login_form" style="margin: 0px; padding: 0px">
<table border="0" cellpadding="4" cellspacing="2" width="100%">
<tr>
<td>E-Mail Address</td>
<td><input type="text" name="email" size="30" value=""/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password" size="20"/></td>
</tr>
<tr>
<td colspan="2" align="right"> <input type="submit" name="f" value="Login"/> </td>
</tr>
</table>
</form></td>
</tr>
</table>
<script type="text/javascript">
<!--
function setFocus() { document.login_form.email.focus(); }
window.onload = setFocus;
//-->
</script>
</div>
<div id="cp">Copyright © 2006 New Media Gateway, All Rights Reserved. <a href="http://support.newmediagateway.com" target="_blank">Support</a></div>
</body>
</html>
So these are all sites that you own you are trying to get into?
Tiocfaidh ár lá
login.php
yea they're mine I'm a webdesigner, and was a long time backtrack user but I haven't been here for awhile, just been side tracked, and I built a bunch of e-commerce sites, and i was like hey lets see how hard it would be to get into these, so I just wanted to test them, and make them more secure
you can start by not using Joomla with there track record you will get ownedstart googling for "securty tips" just get used to validating input and using your langs built in functions to block inject etc also if you have root you can look at things like mod_security and IDS etc ..
Agreed, joomla has a very bad track record.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
login.php
the sites in question don't run through the joomla platform, i just linked to a site that happend to be joomla
link to PHP source code (you gotta be quick though) deleted
Posting Permissions
