ev5unleash Posted February 13, 2012

Hi all,

I'm slowly developing a system and I've just finished the login system. I was wondering if there are any hackers out there that can give me advice on my site's security... Is hacking it possible? If you are able to compromise it, please tell me how and ideas on how to prevent it. If it makes the testing any easier, an account named: evan is present.

My PHPFreaks validation text document is at: http://codenamestratus.com/phpfreaks.txt

The Login page I wished to be tested is at http://codenamestratus.com/login/login.php

Thanks,

ManiacDan Posted February 13, 2012

Definite SQL Injection possibility. Use this as your username and password:

admin' OR 1=1;#

You get "invalid password." Use this:

admin" OR 1=1;#

And you get "that user does not exist". Replace "admin" with your username, see if you get logged in.

Also, a bare login form with no user information or website isn't the best measure of security.
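
An added example, not part of either post above and not the poster's code: a login lookup that binds the username as a parameter and returns one message for both failure cases, so the quoted inputs from the reply are treated as plain data and the two responses no longer differ. The in-memory SQLite `users` table, the sample account and the `login()` function are constructed for illustration; it assumes PHP 7.1+ with the `pdo_sqlite` extension.

```php
<?php
// Added example: constructed schema and account, not the poster's code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$ins->execute(['evan', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Hash checked when the user is unknown, so both failure paths do the same work.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

function login(PDO $pdo, string $username, string $password): string
{
    // The placeholder keeps quotes, semicolons and '#' in $username as data;
    // the SQL text is fixed before any user input is seen.
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    $ok = password_verify($password, $hash === false ? DUMMY_HASH : $hash);
    if ($hash === false || !$ok) {
        // One message for "unknown user" and "wrong password".
        return 'Invalid username or password.';
    }
    return 'Logged in.';
}

// Constructed attempts: one valid login, one wrong password, and the two
// quoted inputs from the reply above used as both username and password.
$attempts = [
    ['evan', 'constructed-sample-pw'],
    ['evan', 'wrong'],
    ["admin' OR 1=1;#", "admin' OR 1=1;#"],
    ['admin" OR 1=1;#', 'admin" OR 1=1;#'],
];
foreach ($attempts as [$u, $p]) {
    printf("%-18s => %s\n", $u, login($pdo, $u, $p));
}
```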