melloorr Posted December 11, 2011

Here is the link to the text file: http://testwebsitetesting.hostzi.com/phpfreaks.dat (it is .dat because 000webhost does not allow .txt)

Hey everyone,

I am trying to test out the security of my login script and I could use your help. So I need you to try to hack into it and log into the user called: melloorr (I am not using passwords that I also use for anything else)

http://testwebsitetesting.hostzi.com

If you found it easy to hack into, or you want to offer advice on how I could improve it, then just let me know.

Thanks

jackwilsdon Posted January 2, 2012

Hacked in 10 mins. Joking. It seems solid, just to let you know, tried MySQL injections (does it even use MySQL?) and brute-ing it, nothing worked.

Pikachu2000 Posted January 2, 2012

Website Under Review

You are seeing this page because the system administrator of 000webhost.com is currently checking this website for malicious content. This redirect page will be removed once we finish manually checking all files on this account.

PFMaBiSmAd Posted January 2, 2012

We could tell you more about the security of your login script by seeing the code for both the login form processing script (everything but your actual database connection username/password) and the code you use to test and restrict access on a protected page.

doddsey_65 Posted January 4, 2012

Login seems fine but your registration is not free from XSS. Registered an account with the username --><script>alert(1)</script> and now every time the page refreshes I get a JavaScript popup. This could be used for redirections and such.

teynon Posted January 16, 2012

Your login page is vulnerable to cross-site scripting because you are using PHP_SELF as your URL for your form. Visit this URL:

http://testwebsitetesting.hostzi.com/login.php/%22%3E%3C/form%3EPlease%20continue%20to%20this%20%3Ca%20href=%22http://www.thomaseynon.com%22%3Ehacked%20page%3C/a%3E%20to%20log%20in.%3Cdiv%20style=%22display:%20none;

to see what I mean.

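The two cross-site scripting findings in the replies above (the username stored at registration and the PHP_SELF form action), as an added example that is not the original poster's code: the form action built the way the last reply describes next to a hardened version, plus output escaping for a stored username. The function names and the sample request values are assumptions constructed for illustration.

```php
<?php
// Added example; all function names are hypothetical, not from the tested site.

// Escape a value for use in HTML text or inside a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// BEFORE (the pattern the reply describes): PHP_SELF contains any extra
// path the client appends after login.php, so it is attacker-controlled
// input and must not be written into the page unescaped.
function form_open_vulnerable(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// AFTER: SCRIPT_NAME does not include the trailing path info, and the
// value is escaped for the attribute context regardless.
function form_open_hardened(array $server): string
{
    return '<form method="post" action="' . e($server['SCRIPT_NAME']) . '">';
}

// A stored username is escaped at output time, whatever was registered,
// so markup in it is displayed as text instead of being interpreted.
function greeting(string $username): string
{
    return '<p>Logged in as ' . e($username) . '</p>';
}

// Constructed sample: server values for a request to /login.php/"><b>x</b>
$server = [
    'SCRIPT_NAME' => '/login.php',
    'PHP_SELF'    => '/login.php/"><b>x</b>',
];

// Compare the two renderings of the same request.
echo form_open_vulnerable($server), "\n";
echo form_open_hardened($server), "\n";

// Username taken from the registration finding reported in the thread.
echo greeting('--><script>alert(1)</script>'), "\n";
```

Escaping at output covers usernames already stored in the database; validating the allowed character set at registration is a separate, additional control.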