5 Replies - 384 Views - Last Post: 27 June 2011 - 01:56 PM

#1 creativecoding

Break it please

Posted 27 June 2011 - 02:51 AM

Just about finished with the coding side of a script for a client, I'd like to see if it's foolproof.


http://www.creativec...otingSystemHax/


Here is a directory listing of all files with possible problems:
 - Index.php
 - Poll.php[?id=(int)]
 - results.php[?id=(int)]
   > admin (dir)
     - index.php[?id=(string)]
     - login.php


Username: admin
Password: password

The only problem is that the user can just click back twice in their browser and that gets them past the "You've already voted" screen... I'll have to fix that.


Let's see what you guys come up with ;)

This post has been edited by creativecoding: 27 June 2011 - 02:55 AM



#2 no2pencil

Re: Break it please

Posted 27 June 2011 - 03:08 AM

Quote

these aren\'t actual bands: 3


Also if I yank the id value off the url I get an ugly reply :

Quote

Results for


#3 Atli

Re: Break it please

Posted 27 June 2011 - 03:14 AM

For me, unless I actually hit refresh, it's enough to just click back once to be able to vote again. (Firefox 5.0)

Doesn't the process.php script check to see if the cookie is set before processing the vote? (Or doesn't the cookie get sent from the cached page... I'm not sure about that.)

Also, you should consider adding a Captcha, or some other type of human detection, or this could be abused by automated scripts fairly easily.

#4 creativecoding

Re: Break it please

Posted 27 June 2011 - 03:23 AM

Atli, on 27 June 2011 - 04:14 AM, said:

For me, unless I actually hit refresh, it's enough to just click back once to be able to vote again. (Firefox 5.0)

Doesn't the process.php script check to see if the cookie is set before processing the vote? (Or doesn't the cookie get sent from the cached page... I'm not sure about that.)

Also, you should consider adding a Captcha, or some other type of human detection, or this could be abused by automated scripts fairly easily.


Added that cookie check to the process.php page. Won't show on that version though.


Never tried using a captcha before. I might look into it.

#5 Creecher

Re: Break it please

Posted 27 June 2011 - 06:46 AM

Changing the value to a poll that doesn't exist just shows a blank radio button and a submit button.

Then, after submitting said poll, it takes you to the result page with a <h2> tag and ":1".

Edit(moar):

Also, if I add "?id=login" to your "/admin/index.php" without going through your login, I gain access to your admin shit.

This post has been edited by NeverPool: 27 June 2011 - 06:53 AM


#6 creativecoding

Re: Break it please

Posted 27 June 2011 - 01:56 PM

NeverPool, on 27 June 2011 - 07:46 AM, said:

Changing the value to a poll that doesn't exist just shows a blank radio button and a submit button.

Then, after submitting said poll, it takes you to the result page with a <h2> tag and ":1".

Edit(moar):

Also, if I add "?id=login" to your "/admin/index.php" without going through your login, I gain access to your admin shit.


Yeah, the first problem needs fixing, but your second one doesn't work. You sure you didn't just log in? I'm using switch on ID and I have no case for login. Default just displays the links. You can't even get there without getting past the login check.