Notices
Results 1 to 6 of 6

Thread: Weakness login code (php) :(

  1. #1 Weakness login code (php) :( 
    New Member
    Join Date
    Mar 2007
    Posts
    1
    I'm sorry for my English I'm still practicing it.

    I'm running php 5.2.1 and Apache 2.2.4 (Win32) as my home network
    and I've heard of SQL injections and I know it's a big one vulnerable that
    someone experienced in SQL query and has an amazing imagination can crack into.

    But I don't know how weak codes are ?
    Anyone can explain to me? you can give an example if you don't mind.
    I'm not using string replace, string length is unlimited
    But I'm still can't crack into my own codes

    Can anyone give me the weak code for me to learn ?

    Thank you,
    Karun Siri


    Reply With Quote  
     

  2.  
     

  3. #2  
    Forum Freshman Problemed's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    23
    You want someone to post some weak code so you can try and hack it? is this right?

    If the purpose of learning how to crack the code so you know how to better protect it this would be fine. One way is to find weak spots in form submit scripts and or mailing scripts, where the host has a page that allows you to email them using a form on the page.

    First with the Form submits scripts, these can easily be broken if the programmer is lazy and uses such things as $_REQUESTS in there SQL statments.
    e.g

    $select = "*";
    $from = "DB";
    $where = $_REQUEST['form_entry']
    .......

    if this request is made on the where statement, if you place 1=1 in the field called from_entry well it will show you everything as 1 does equal 1. other methods of cracking email forms are well known and script kiddies love playing with these, but any decent programmer wont leave these holes in there code. As well as this newer versions of PHP and or MySQL and even phpmyadmin dont allow this kind of access! But its fun trying and playing with it, best knowing these exploits so in the further you can better prevent them.

    Cheers,

    Problemed

    p.s. Keep up the work on your English your doing very well.


    Reply With Quote  
     

  4. #3  
    Guest
    Guys, You can help with programming but any help that could be seen to be misused by hackers is a strict no-no. Since I am not into this particular language or internet hacking of any descriptoin, I would ask you to continue your coversation by othr means. In this thread pls stick to straight forward help. on programming techniques - ta.
    Reply With Quote  
     

  5. #4  
    Forum Freshman Problemed's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    23
    Hey Mega,
    In no means i was showing or demonstrating how to hack, this is a scripting error that programmers could do which is a very venerable to being broken, i was merely assisting in ways to prevent and or show that this is a bad method, it is a crucial thing to learn not to do aswell, as this is the short way to store information from forms directly to sql statements it is not safe at all and can be broken, i strongly suggest users to stay away from this method, and suggest that all programmers starting or developing in many sql and dynamically driven pages should be informed that this can be easily broken, and that the best solution is the prevention of creating the break or error in your own code. i was let off easily when i did it my first time, a co-worker showed me and printed all my database values to screen, yes he had some knowledge about how the database was constructed, but even now i know how to see and or make educated guesses on what and how some databases are stored and or arranged! I also only trialed and know this as i wish to keep my bases covered in the event that i am attached and wish to keep my information integrity!

    Problemed
    Reply With Quote  
     

  6. #5 Re: Weakness login code (php) :( 
    Forum Professor leohopkins's Avatar
    Join Date
    Dec 2006
    Location
    Dulwich, London, England
    Posts
    1,418
    Quote Originally Posted by Karun
    I'm sorry for my English I'm still practicing it.

    I'm running php 5.2.1 and Apache 2.2.4 (Win32) as my home network
    and I've heard of SQL injections and I know it's a big one vulnerable that
    someone experienced in SQL query and has an amazing imagination can crack into.

    But I don't know how weak codes are ?
    Anyone can explain to me? you can give an example if you don't mind.
    I'm not using string replace, string length is unlimited
    But I'm still can't crack into my own codes

    Can anyone give me the weak code for me to learn ?

    Thank you,
    Karun Siri
    Apology accepted.

    sorry for my tourets im f*****g working on it.

    The hand of time rested on the half-hour mark, and all along that old front line of the English there came a whistling and a crying. The men of the first wave climbed up the parapets, in tumult, darkness, and the presence of death, and having done with all pleasant things, advanced across No Man's Land to begin the Battle of the Somme. - Poet John Masefield.

    www.leohopkins.com
    Reply With Quote  
     

  7. #6  
    Forum Freshman Problemed's Avatar
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    23
    lol bored are we?

    Problemed
    Reply With Quote  
     

Bookmarks
Bookmarks
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •