
Login Security


gevans


Hey guys,

Only looking at getting the login page tested, link to follow:

http://projects.purplecoffee.co.uk/outdoorguernsey/public_html/admin

Just for your information, it's an AJAX request to log in, so a mod like SQL Inject Me will probably receive 404 Not Found errors on execution.

Thanks guys, and I hope you find nothing, but please tell me anything!


A lot of the errors are returned due to it being AJAX and the add-on not actually testing it properly.

As far as I'm aware I've done everything to secure the login.

The password is salted and hashed. The username is cleaned with real_escape_string(). I don't use trim. If the user puts spaces at the start or end of the username then it's wrong.

For me SQL Inject Me returns 51 failures (as mentioned) and 0 errors.

Thanks for the reply

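The post above describes the login as "salted and hashed, username cleaned with real_escape_string(), no trim". The following is an added example of how a practitioner would write that same AJAX login handler today; it is not the poster's code and the site's real code is not on this page. Everything named here is an assumption: a `users` table with `id`, `username` and `password_hash` columns (the hash produced by `password_hash()`, which embeds its own random salt), an open mysqli connection in `$db` (with mysqlnd, so `get_result()` is available), and a client that POSTs `username` and `password`. It replaces escaping with a prepared statement, keeps the "no trim" rule, verifies with `password_verify()` even when the user does not exist, and answers with a real status code instead of 200 plus the login form.

```php
<?php
declare(strict_types=1);

// Added example, not the thread's own code. Assumed (hypothetical) schema:
//   users(id INT, username VARCHAR(64), password_hash VARCHAR(255))
// password_hash was produced by password_hash($pw, PASSWORD_DEFAULT), which
// generates and stores its own random salt; no separate salt column is needed.
// $db is an open mysqli connection (mysqlnd, so get_result() works).

function login_ajax(mysqli $db, array $post): array
{
    $username = $post['username'] ?? '';
    $password = $post['password'] ?? '';

    // Deliberately no trim(): a username with leading/trailing whitespace is
    // simply wrong, matching the rule described in the post. Length is bounded
    // so an attacker cannot make bcrypt chew on megabytes of input.
    if (!is_string($username) || !is_string($password)
        || $username === '' || $password === ''
        || strlen($username) > 64 || strlen($password) > 1024) {
        return ['status' => 400, 'body' => ['ok' => false]];
    }

    // Prepared statement: the username never becomes part of the SQL text, so
    // no escaping function is needed and real_escape_string()'s charset
    // pitfalls do not arise.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // null when no such user
    $stmt->close();

    // Always run password_verify(), against a throwaway hash if the user does
    // not exist, so response time does not reveal which usernames are valid.
    $hash = $row['password_hash'] ?? password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
    if ($row === null || !password_verify($password, $hash)) {
        return ['status' => 401, 'body' => ['ok' => false]];
    }

    // Success: fresh session id at the privilege change, so an id handed to the
    // victim before login (session fixation) is useless; then bind the user.
    session_regenerate_id(true);
    $_SESSION['user_id']   = (int) $row['id'];
    $_SESSION['logged_in'] = true;

    // Transparently upgrade hashes when the default algorithm/cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $new  = password_hash($password, PASSWORD_DEFAULT);
        $stmt = $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?');
        $stmt->bind_param('si', $new, $row['id']);
        $stmt->execute();
        $stmt->close();
    }

    return ['status' => 200, 'body' => ['ok' => true]];
}

// Entry point for the AJAX call: reply with a real status code and JSON, not
// a 200 carrying the login form, so the client (or a scanner) can tell
// success from failure.
session_start();
$result = login_ajax($db, $_POST);
http_response_code($result['status']);
header('Content-Type: application/json');
echo json_encode($result['body']);
```

The dummy `password_hash()` call on the "user not found" path costs one extra bcrypt computation per failed lookup; if that matters, compute one dummy hash at deploy time and keep it in configuration instead.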

Could you explain some of these to me?

Attack Details:

    * Input Parameter: PHPSESSID
    * HTTP Method: SECCOMP

The attacked page is dangerously similar to the original page. It is 100% similar. Got access to a resource that should be protected. Server response code: 200 OK.

Attack Details:

    * Input Parameter: PHPSESSID
    * HTTP Method: HEAD

Got access to a resource that should be protected. Server response code: 200 OK. The attacked page is not very similar to the original page. It is 1.156% similar.


I'm not going to lie, I'm a bit confused now. I've done a bit of reading and covered some things that I already do.

The session ID is regenerated on each page.

The session cookie is only accessible over HTTP.

What am I missing? Any advice on fixes?


#Direct redirect
RewriteRule ^home$ index.php [L,NC]

#Admin goes through admin.php
RewriteRule ^admin$ admin.php [L]
RewriteRule ^admin/([a-z0-9-]+)$ admin.php?para1=$1 [L]
RewriteRule ^admin/([a-z0-9-]+)/([a-z0-9-]+)$ admin.php?para1=$1&para2=$2 [L]
RewriteRule ^admin/([a-z0-9-]+)/([a-z0-9-]+)/([a-z0-9-]+)$ admin.php?para1=$1&para2=$2&para3=$3 [L]

#Pages goes through index.php
RewriteRule ^([a-z0-9-]+)$ index.php?para1=$1 [L]
RewriteRule ^([a-z0-9-]+)/([a-z0-9-]+)$ index.php?para1=$1&para2=$2 [L]


I'm not getting my head around why I'm getting

INPUT PHPSESSID and SECCOMP

Apart from the steps taken already, what can I do to stop this, and can you explain further what it actually means? I'm finding it difficult to secure something I'm not understanding.


Got access to a resource that should be protected. Server response code: 200 OK.

The attacked page is not very similar to the original page. It is 41.5% similar.

The Input Parameter is telling you the name of the parameter that was dropped for the session while the HTTP Method is the name of the HTTP method that was sent with the request.

From the paragraph on the end we can see that we were able to access the protected page, with the server returning a 200 OK status code. We can also see that the returned page had low (41.5%) similarity to the page we requested from.

This is from the website's FAQ. In the final explanation:

From the paragraph on the end we can see that we were able to access...

It says it has managed to access the protected page. You may have to correct me here. But each page I have runs through a single PHP page. So it will always return 200 OK but print the login form!?


To prevent network sniffers from scooping up session IDs, session-specific traffic should be sent over SSL. You don't need to do anything special to PHP when you're using an SSL connection, but you do need to specially configure your webserver.

Also, you could install mod_security if you have a dedicated server.

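The scanner findings quoted earlier ("Input Parameter: PHPSESSID", "HTTP Method: SECCOMP"/"HEAD", "200 OK") are a check of two things: whether the page still answers 200 when the session cookie is dropped, and whether it answers 200 to a made-up HTTP method. The observation that every URL runs through one PHP file and therefore always returns 200 with the login form is exactly why the check fires. The following added example (not the poster's code, not from the FAQ quoted above) shows the front of admin.php with the session cookie flags discussed in this thread (HttpOnly, secure-only over SSL, plus use_strict_mode) and a gate that answers 405 to unknown methods, 401 or 302 to unauthenticated requests, and 200 only when a logged-in session exists. Assumptions: PHP 7.3 or later (array form of `session_set_cookie_params()`), the site is served over HTTPS, the `.htaccess` rules posted above put the first path segment of `/admin/...` into `para1`, and the route names `''` and `login` for the login form and its AJAX endpoint are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not the thread's own code. Assumed to sit at the very top of
// admin.php, which the posted .htaccess routes every /admin/... URL through.
// Assumed: PHP >= 7.3, site served over HTTPS, $_GET['para1'] is the route
// (from the RewriteRule lines), and '' / 'login' are the public routes.

// 1. Session cookie hardening, set before session_start().
ini_set('session.use_strict_mode', '1');   // refuse ids the server did not issue (anti-fixation)
ini_set('session.use_only_cookies', '1');  // never accept PHPSESSID from the query string
session_set_cookie_params([
    'lifetime' => 0,        // session cookie, dropped when the browser closes
    'path'     => '/',
    'secure'   => true,     // only sent over TLS, so a sniffer on plain HTTP never sees it
    'httponly' => true,     // not readable from JavaScript
    'samesite' => 'Lax',    // not attached to cross-site POSTs
]);
session_start();

// 2. The gate: decide on the method first, then on the route, then on the
//    session, for every request that reaches this file.
function gate(string $method, string $route, array $session, bool $isAjax): array
{
    $allowed = ['GET', 'HEAD', 'POST'];
    if (!in_array($method, $allowed, true)) {
        // "SECCOMP" is not an HTTP method. A 405 here is what makes the
        // scanner's "got access" check fail: it no longer sees 200 OK.
        return ['status' => 405, 'headers' => ['Allow: ' . implode(', ', $allowed)], 'body' => ''];
    }

    // Routes reachable without a session: the login form and the AJAX login call.
    if (in_array($route, ['', 'login'], true)) {
        return ['status' => 200, 'headers' => [], 'body' => null];
    }

    if (empty($session['logged_in'])) {
        // Unauthenticated (e.g. the PHPSESSID cookie was dropped): an AJAX
        // caller gets 401, a browser is redirected to the login page. Either
        // way the answer is not "200 OK plus the login form".
        if ($isAjax) {
            return ['status' => 401, 'headers' => [], 'body' => ''];
        }
        return ['status' => 302, 'headers' => ['Location: /admin'], 'body' => ''];
    }

    return ['status' => 200, 'headers' => [], 'body' => null]; // fall through to the real page
}

$route  = (string) ($_GET['para1'] ?? '');
$isAjax = strtolower($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest';
$g      = gate($_SERVER['REQUEST_METHOD'], $route, $_SESSION, $isAjax);

http_response_code($g['status']);
foreach ($g['headers'] as $h) {
    header($h);
}
if ($g['body'] !== null) {
    // HEAD receives headers only; PHP's SAPI strips the body for HEAD, so the
    // same gate covers the "HTTP Method: HEAD" finding without special casing.
    exit($g['body']);
}
// ...render the admin page for $_SESSION['user_id'] below...
```

Two practical notes. With `use_strict_mode` on and `session_regenerate_id(true)` called at login, regenerating the id on every page adds little and can race with concurrent AJAX requests that still carry the old id; regenerating at the privilege change is the part that matters. And the similarity percentages in the scanner output only become meaningful once the protected page and the login page stop sharing the same 200 status: a redirect or a 401 is what lets a scanner (or a person) tell the two apart.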

I'm not convinced by the Access Me add-on; I haven't found a single site that doesn't bring up an error or warning.

http://www.facebook.com/index.php :: Http Method

Attack Details:

    * HTTP Method: SECCOMP

The attacked page is dangerously similar to the original page. It is 98.58% similar. Got access to a resource that should be protected. Server response code: 200 OK.

http://www.facebook.com/index.php :: Http Method

Attack Details:

    * HTTP Method: HEAD

Got access to a resource that should be protected. Server response code: 200 OK. The attacked page is not very similar to the original page. It is 0.226% similar.

Sorry for the default example, but come on... I don't see anyone hacking Facebook. And if it was possible it would've happened by now.
