
My Login System vulnerable?


ev5unleash


Hi all,

I'm slowly developing a system and I've just finished the login system. I was wondering if there are any hackers out there that can give me advice on my site's security... Is hacking it possible? If you are able to compromise it, please tell me how and ideas on how to prevent it. If it makes the testing any easier, an account named: evan is present.

My PHPFreaks validation text document is at: http://codenamestratus.com/phpfreaks.txt

The Login page I wished to be tested is at http://codenamestratus.com/login/login.php

Thanks,

Link to comment

Definite SQL Injection possibility.

Use this as your username and password:

admin' OR 1=1;#

You get "invalid password."

Use this:

admin" OR 1=1;#

And you get "that user does not exist". Replace "admin" with your username, see if you get logged in.

Also, a bare login form with no user information or website isn't the best measure of security.

Link to comment
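The fix for the behaviour reported in the reply above, as an added example that is not part of either post and not the site's code: the username is bound as a parameter and both failure paths return one message. The single-quoted query shape in `unsafe_query_text`, the `users` table, the `login` helper and the test password are assumptions, since the page does not show the login code; the example assumes the `pdo_sqlite` extension.

```php
<?php
// Added example: constructed schema and account, not the poster's code.
// Assumes the pdo_sqlite extension so it runs without a database server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['evan', password_hash('constructed-test-password', PASSWORD_DEFAULT)]);

// Assumed shape of the vulnerable lookup: input pasted between single quotes.
// Built as text only, so the effect of each quote style is visible; never executed.
function unsafe_query_text(string $username): string
{
    return "SELECT password_hash FROM users WHERE username = '" . $username . "'";
}

// Hardened lookup: the username travels as a bound parameter, so quotes,
// semicolons and comment markers are compared as data, never parsed as SQL.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return is_string($hash) && password_verify($password, $hash);
}

// The two strings from the reply (used as username and password), then a real login.
$attempts = [
    ["admin' OR 1=1;#", "admin' OR 1=1;#"],
    ['admin" OR 1=1;#', 'admin" OR 1=1;#'],
    ['evan', 'constructed-test-password'],
];
foreach ($attempts as [$user, $pass]) {
    echo 'unsafe text: ', unsafe_query_text($user), "\n";
    // One message for every failure, so the response does not reveal
    // whether the username lookup or the password check was what failed.
    echo '  result: ', login($pdo, $user, $pass) ? 'logged in' : 'Invalid username or password.', "\n\n";
}
```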