Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: login.php

  1. #1
    Junior Member
    Join Date
    Nov 2006
    Posts
    37

    Default login.php

    is there a way to crack a login.php form, i have successfully cracked a login.asp with simple sql injection, but this login.php is giving me trouble, a little push in the right direction would be helpful

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Well it depends severely on what the form is, whether it is a POST login form or if it is using XML files to determine it's login information. SQL attacks or the like, myysql_real_escape_string, a hundred other bits of information.

    What restrictions did you put on the file?
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Junior Member
    Join Date
    Nov 2006
    Posts
    37

    Default

    not letting me post

    heres a link to html source it wouldnt let me post it here
    i Do have the .php source but i would like to do it without trying to use the source



    deleted

  4. #4
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Well the nearest reference I can find is at*:

    Control Panel

    And the page gives me enough information to know (at least in part) how to proceed, but unfortunately I'm disinclined to mention anything.

    Perhaps if you paste us the source so that at least we can figure out which direction to send you in?

    *When I say reference I mean "much of the source is exactly the same as what you tried to strip out", so I'm betting it's the actual page.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  5. #5
    Junior Member
    Join Date
    Nov 2006
    Posts
    37

    Default

    Well your example that you found is pretty damn close it is for interspire, the only part i stripped out was the actual url for obvious reseans, it is my site and for some resean it woudnt let me post the html in the forum so i loaded the login html to another site that i control lets see if it will let me post the .php code you know what its in a PM

    what about this one:

    <!-- <h1>User Login</h1> -->
    <div style="padding: 10px">
    <p>
    You must login for access.
    </p>
    </div>

    <table border="0" cellpadding="5" cellspacing="0"style="padding:10px;width:300px;">
    <tr>
    <td style="border: 1px solid #cccccc" valign="top">
    <form method="post" action="/admin/user.login.php" name="login_form" style="margin: 0px; padding: 0px">
    <table border="0" cellpadding="4" cellspacing="2" width="100%">
    <tr>
    <td>E-Mail Address</td>
    <td><input type="text" name="email" size="30" value=""/></td>
    </tr>
    <tr>
    <td>Password</td>
    <td><input type="password" name="password" size="20"/></td>
    </tr>
    <tr>
    <td colspan="2" align="right"> <input type="submit" name="f" value="Login"/> </td>
    </tr>
    </table>
    </form></td>
    </tr>

    </table>
    <script type="text/javascript">
    <!--
    function setFocus() { document.login_form.email.focus(); }
    window.onload = setFocus;
    //-->
    </script>
    </div>
    <div id="cp">Copyright &copy; 2006 New Media Gateway, All Rights Reserved. <a href="http://support.newmediagateway.com" target="_blank">Support</a></div>
    </body>
    </html>

  6. #6
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    So these are all sites that you own you are trying to get into?
    Tiocfaidh ár lá

  7. #7
    Junior Member
    Join Date
    Nov 2006
    Posts
    37

    Default login.php

    yea they're mine I'm a webdesigner, and was a long time backtrack user but I haven't been here for awhile, just been side tracked, and I built a bunch of e-commerce sites, and i was like hey lets see how hard it would be to get into these, so I just wanted to test them, and make them more secure

  8. #8
    Good friend of the forums
    Join Date
    Feb 2010
    Posts
    328

    Default

    you can start by not using Joomla with there track record you will get owned start googling for "securty tips" just get used to validating input and using your langs built in functions to block inject etc also if you have root you can look at things like mod_security and IDS etc ..

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Agreed, joomla has a very bad track record.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  10. #10
    Junior Member
    Join Date
    Nov 2006
    Posts
    37

    Default login.php

    the sites in question don't run through the joomla platform, i just linked to a site that happend to be joomla

    link to PHP source code (you gotta be quick though) deleted

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •