Hey guys, I am working on a login script for my website. I want you guys to do a full security check. Please create your own account, because I want that tested as well. Test everything: the Forgot System, the Registration Process, the Login Process, anything else you can think of. Try to access the /administration folder as well!

 

Registration Password: phpfreaks

Here is the webby: http://www.krazypickem.com/new_kp/

Proof of Ownership: http://www.krazypickem.com/new_kp/phpfreaks.txt

https://forums.phpfreaks.com/topic/188343-security-check-my-login-script-v10/

Okay, so I did some updates. You can now resend confirmation emails and forgot-password emails up to a limit of five times before getting an error. The website loads now in IE; the problem was due to a time-check function that left it in a loop. I did some other subtle changes, but I have forgotten them.

 

-Thanks!

Hmm..

 

Registration code allows large names, such as 'RandomblablaRandomblablaRandomblabla', and does not check each field for duplicates, such as having your name the same as your pass (an obvious security risk). Also, in your confirmation e-mail, it lists the name put in the subject, i.e.:

To: Randomblablarandomblablarandomblabla Randomblablarandomblablarandomblabla (oni[dash]kun[at]hotmail[dot]com)

 

Since the address is too long, it's recommended to shorten it so it doesn't get trapped in spam filters etc.

 

I think I typo'd my password after, so I tested the recovery function; clicking the recovery link just leads back to the 'recover password or e-mail?' page, so it may be broken there.

 

 

 

Okay, so let me see if I got this.

 

Check to see if first name, last name are the same as the password.

Check the length of the first name and last name.

I have fixed that recovery problem. I just have not uploaded the new website.

 

Anything else?

 

Thanks so much. I will fix those problems.

Think it may be broken. When I click the link in the password retrieval email I'm just taken to the two "i forgot my password" / "i forgot my email" links, with no option to reset password.

 

It seems to parse something, then just gives an empty $_GET variable; may be a problem in the code.

You have seem to forgotten your password at KrazyPick'em please click the link below to reset your password. If you recieved this email in error, please delete it.

http://www.krazypickem.com/new_kp/forgot.php?account=19&key=1961212151622242525&pw=reset

Ya, see both of you have the same link.

 

The account number is the same, and the key is the same. The script is faulty. I will upload my new version here in a second. I have not done those things you told me about, oni-kun. I will post back when I upload those, though.
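The "same link for two accounts" problem above is the kind of defect that lets anyone who receives one reset e-mail reset someone else's password. Below is an added example (not the thread's code) of how a reset key is normally generated and checked: a fresh random token per request, stored only as a hash, tied to one account, valid for a limited time and usable once. It uses an in-memory SQLite table with two constructed accounts; RESET_TOKEN_TTL is an assumed policy value.

```php
<?php
// Added example, not code from the thread: per-account, single-use, expiring reset tokens.
// The SQLite in-memory table and the two accounts below are constructed for the demonstration;
// RESET_TOKEN_TTL is an assumed policy value.
declare(strict_types=1);

const RESET_TOKEN_TTL = 3600; // seconds a reset link stays valid

function openDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, reset_hash TEXT, reset_expires INTEGER)');
    $db->exec("INSERT INTO users (id, email) VALUES (19, 'alice@example.invalid'), (20, 'bob@example.invalid')");
    return $db;
}

// Issue a fresh token for one account. The token comes from the CSPRNG, never from the account
// number, so two users cannot end up with the same key. Only its SHA-256 is stored, so a
// database leak does not hand out working links. The raw token goes into the e-mail.
function issueResetToken(PDO $db, int $userId, int $now): string {
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('UPDATE users SET reset_hash = :h, reset_expires = :e WHERE id = :id');
    $stmt->execute([':h' => hash('sha256', $token), ':e' => $now + RESET_TOKEN_TTL, ':id' => $userId]);
    return $token;
}

// Check the key from the link. Fails closed on an unknown account, a missing or expired token,
// or a mismatch, and clears the stored hash on success so the same link cannot be replayed.
function redeemResetToken(PDO $db, int $userId, string $token, int $now): bool {
    $stmt = $db->prepare('SELECT reset_hash, reset_expires FROM users WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['reset_hash'] === null || (int) $row['reset_expires'] < $now) {
        return false;
    }
    if (!hash_equals($row['reset_hash'], hash('sha256', $token))) { // constant-time comparison
        return false;
    }
    $clear = $db->prepare('UPDATE users SET reset_hash = NULL, reset_expires = NULL WHERE id = :id');
    $clear->execute([':id' => $userId]);
    return true;
}

// Same link layout as the thread's e-mail, with the random key in place of the fixed one.
function buildResetLink(int $userId, string $token): string {
    return 'http://www.krazypickem.com/new_kp/forgot.php?'
        . http_build_query(['account' => $userId, 'key' => $token, 'pw' => 'reset']);
}

// Demonstration: two accounts get different keys; a key works once; an old key is refused.
$db = openDemoDb();
$now = time();
$tokenA = issueResetToken($db, 19, $now);
$tokenB = issueResetToken($db, 20, $now);
echo buildResetLink(19, $tokenA), "\n";
echo buildResetLink(20, $tokenB), "\n";
var_dump(redeemResetToken($db, 19, $tokenA, $now));                        // first use of the link
var_dump(redeemResetToken($db, 19, $tokenA, $now));                        // replay of the same link
var_dump(redeemResetToken($db, 20, $tokenB, $now + RESET_TOKEN_TTL + 1)); // key presented after expiry
```

Run it with the php CLI: the two printed links carry different keys, the first redemption succeeds, and both the replay and the expired key are refused. The account id in the URL is only a lookup hint; the key is what proves the request came from the e-mail, which is why it must be unpredictable and never shared between accounts.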

 

Sounds good. How are you doing the e-mail verification? Cron jobs? Or something simple?

Did someone kill it?

 

Warning: mysql_connect() [function.mysql-connect]: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (13) in /mounted-storage/home48c/sub007/sc33591-LWQU/picks_web/new_kp/core/includes/db-config.php on line 11

Site Returned Error: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (13)

 

A server error, it seems. It works now, so you can assume it's intermittent. There would be no access to that file (assuming it's a web host), so it couldn't have been a crashing attempt.

Sounds good. How are you doing the e-mail verification? Cron jobs? Or something simple?

As in emailing? I am using Pear's powerful SMTP class. I love pear!

Full Path Disclosure:

http://www.krazypickem.com/new_kp/core/includes/wide-variables.php

Fatal error: Call to undefined function checkStaleUsers() in /mounted-storage/home48c/sub007/sc33591-LWQU/picks_web/new_kp/core/includes/wide-variables.php on line 40

 

Full Path Disclosure:

http://www.krazypickem.com/new_kp/core/main.php

Warning: require_once(core/includes/db-config.php) [function.require-once]: failed to open stream: No such file or directory in /mounted-storage/home48c/sub007/sc33591-LWQU/picks_web/new_kp/core/main.php on line 5

 

Fatal error: require_once() [function.require]: Failed opening required 'core/includes/db-config.php' (include_path='.:/usr/share/php5/') in /mounted-storage/home48c/sub007/sc33591-LWQU/picks_web/new_kp/core/main.php on line 5

Thanks, I am soon going to put an index in those folders, but because I am testing I am going to leave them open for ease. Is there a way where they can access them via the address? I bet I would have to use .htaccess

 

Access them? They can't via HTTP, but they can certainly use further exploits found to run a script and inject it into your root path, or worse, above that.

 

If you're meaning you want to deny main.php (etc) itself, because it is being included for example:

<Files main.php>
  order allow,deny
  deny from all
</Files> 

 

Within the current folder. More examples online.
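The <Files> block above uses Apache 2.2 syntax; on Apache 2.4 the equivalent inside the block is Require all denied. Independently of the web server, the two full-path disclosures earlier in the thread come from PHP printing warnings to the browser when an include file is requested on its own. The added example below (not the thread's code) shows the PHP side of the fix: every include file refuses to run unless the entry script defined a constant first, errors are logged rather than displayed, and the database connection fails with a generic message instead of echoing the socket path. The constant name IN_APP, the log file location and the unreachable MySQL DSN are assumptions made for the demonstration.

```php
<?php
// Added example, not code from the thread: a PHP-side guard for include files plus production
// error reporting, so a direct request for core/includes/db-config.php or core/main.php gets a
// 404 instead of a warning that prints the server path. IN_APP and the log file name are assumed.
declare(strict_types=1);

// 1. Errors go to a log the site owner reads; visitors get a generic message and no path.
function configureProductionErrors(string $logFile): void {
    error_reporting(E_ALL);
    ini_set('display_errors', '0');
    ini_set('log_errors', '1');
    ini_set('error_log', $logFile);
    set_exception_handler(function (Throwable $e): void {
        error_log(sprintf('%s in %s:%d', $e->getMessage(), $e->getFile(), $e->getLine()));
        http_response_code(500);
        echo "Site Returned Error: temporary problem, please try again later.\n";
    });
}

// 2. First statement of every include file. The entry script defines IN_APP before including
//    anything; a browser hitting the include file directly never has it, so the file stops here.
function denyDirectAccess(): void {
    if (!defined('IN_APP')) {
        http_response_code(404);
        exit;
    }
}

// 3. Connect through PDO so a failure is an exception to log, not a warning echoing the socket
//    path. Returns null when the database is down; the caller shows a generic message.
function connectDb(string $dsn, string $user, string $pass): ?PDO {
    try {
        return new PDO($dsn, $user, $pass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    } catch (PDOException $e) {
        error_log('database connection failed: ' . $e->getMessage()); // full detail stays in the log
        return null;
    }
}

// Demonstration, playing the entry script's role.
define('IN_APP', true);
configureProductionErrors(sys_get_temp_dir() . '/app_error.log');
denyDirectAccess(); // passes here because the entry script defined IN_APP

$working = connectDb('sqlite::memory:', '', '');
echo $working !== null ? "database ready\n" : "Site Returned Error: database unavailable\n";

// Constructed unreachable DSN (port 1), standing in for the thread's dead mysqld socket.
$down = connectDb('mysql:host=127.0.0.1;port=1;dbname=kp', 'kp_user', 'placeholder-password');
echo $down !== null ? "database ready\n" : "Site Returned Error: database unavailable\n";
```

In the real site the three functions would live in a shared include, the entry script would call define('IN_APP', true) before any require_once, and each include would start with denyDirectAccess(). Keeping the .htaccess rule as well costs nothing and covers files the PHP guard was forgotten in.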

Works well until the user list (or are you still making it?)

1264216753
xxxxxxx.  - Offline - 0
xxxxxxx - Offline - 0
xxxxxxx - Offline - 0
(me) - Online - 1
xxxxxxx - Offline - 0
xxxxxxx - Online - 1

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in xxxxxxxx/sc33591-LWQU/picks_web/new_kp/core/includes/functions.php on line 411
GUESTS: 

 

When I pressed user list a few times, it said "SET OFFLINE FOR ..". Something to check user session lengths?
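Two things show in that output: a debug message from the stale-session check leaking into the page, and mysql_num_rows() being called on a query that had already failed. Below is an added example (not the thread's code) of the usual shape of such a check: users are flagged offline once their last request is older than a timeout, the function returns a count for the log instead of printing, and a failed query becomes an exception rather than an invalid result resource. It runs against an in-memory SQLite table with constructed rows; ONLINE_TIMEOUT and the function names are assumptions.

```php
<?php
// Added example, not code from the thread: marks users offline after a period of inactivity and
// builds the user list without calling a row-count function on a failed query.
// The in-memory SQLite table and its rows are constructed; ONLINE_TIMEOUT is an assumed policy.
declare(strict_types=1);

const ONLINE_TIMEOUT = 900; // seconds without a request before a session counts as stale

function openDemoDb(int $now): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw instead of returning false
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, online INTEGER, last_seen INTEGER)');
    $ins = $db->prepare('INSERT INTO users (name, online, last_seen) VALUES (?, ?, ?)');
    $ins->execute(['alice', 1, $now - 30]);        // active a moment ago
    $ins->execute(['bob',   1, $now - 2 * 3600]);  // still flagged online but silent for two hours
    $ins->execute(['carol', 0, $now - 86400]);     // logged out yesterday
    return $db;
}

// Flip every "online" row whose last request is older than the timeout. Returns the number of
// rows changed so the caller can log it rather than printing "SET OFFLINE FOR ..." into the page.
function checkStaleUsers(PDO $db, int $now): int {
    $stmt = $db->prepare('UPDATE users SET online = 0 WHERE online = 1 AND last_seen < :cutoff');
    $stmt->execute([':cutoff' => $now - ONLINE_TIMEOUT]);
    return $stmt->rowCount();
}

// Called on every authenticated request so an active user never trips the timeout.
function touchUser(PDO $db, int $userId, int $now): void {
    $stmt = $db->prepare('UPDATE users SET online = 1, last_seen = :t WHERE id = :id');
    $stmt->execute([':t' => $now, ':id' => $userId]);
}

// Same "name - status - flag" layout as the thread's user list.
function userList(PDO $db, int $now): array {
    $changed = checkStaleUsers($db, $now);
    if ($changed > 0) {
        error_log("set $changed stale user(s) offline"); // log, not page output
    }
    $rows = $db->query('SELECT name, online FROM users ORDER BY name')->fetchAll(PDO::FETCH_ASSOC);
    $lines = [];
    foreach ($rows as $r) {
        $lines[] = sprintf('%s - %s - %d', $r['name'], $r['online'] ? 'Online' : 'Offline', (int) $r['online']);
    }
    return $lines;
}

// Demonstration.
$now = time();
$db = openDemoDb($now);
touchUser($db, 1, $now);
echo implode("\n", userList($db, $now)), "\n";

// A query against a missing table now surfaces as an exception to log, instead of the
// "supplied argument is not a valid MySQL result resource" warning seen in the thread.
try {
    $db->query('SELECT name FROM no_such_table');
} catch (PDOException $e) {
    error_log('guest list query failed: ' . $e->getMessage());
    echo "GUESTS: (unavailable)\n";
}
```

Running it lists alice as Online and bob and carol as Offline, because bob's last request is older than the timeout; the second query prints only the generic GUESTS line while the real error text goes to the log. The same pattern with mysql_query() would be: test the result for false and log mysql_error() before ever passing it to mysql_num_rows().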

 

 
