Break This Script! [+rep]

Tree · 02-25-2006, 08:36 AM

Bored?

Go to http://www.vestieo.com and see if you can break that script (or just fool it).

If you want something else to do, go to http://www.vestieo.com/manage and try to break that login script.

I'm trying to make this thing idiot proof, so do your worst

To register more than once, just hit the "Kill Cookie" button at the bottom.

If you do manage to break it, please post below.

Jim_ · 02-25-2006, 08:54 AM

I can edit my cookie to change the id and pretend I'm someone else.

ID: 1
Country: USA
IP: 24.99.249.87
Age: 43
Gender: male
Date Created: 2006-02-24

Its also possible to create your own form and make up different genders:
ID: 56
Country: USA
IP: 24.161.93.195
Age: 100
Gender: Jim Has No Gender!
Date Created: 2006-02-25

stscac · 02-25-2006, 09:56 AM

Originally Posted by Jim_

I can edit my cookie to change the id and pretend I'm someone else.

ID: 1
Country: USA
IP: 24.99.249.87
Age: 43
Gender: male
Date Created: 2006-02-24

Its also possible to create your own form and make up different genders:
ID: 56
Country: USA
IP: 24.161.93.195
????: NamePros.com http://www.namepros.com/programming/171137-break-this-script.html
Age: 100
Gender: Jim Has No Gender!
Date Created: 2006-02-25

Good work. But I hope you have a gender.

-Steve

Tree · 02-25-2006, 10:01 AM

k, I'll fix the ID thing, but how did you change the gender?

Originally Posted by Jim_

I can edit my cookie to change the id and pretend I'm someone else.

ID: 1
Country: USA
IP: 24.99.249.87
Age: 43
Gender: male
Date Created: 2006-02-24

Its also possible to create your own form and make up different genders:
ID: 56
Country: USA
IP: 24.161.93.195
Age: 100
Gender: Jim Has No Gender!
Date Created: 2006-02-25

Jim_ · 02-25-2006, 10:07 AM

Code:

<form action="http://www.vestieo.com/?" method="POST">
Age: <input type="text" name="age"><br>
Gender: 
<select name="gender">
	<option value="Jim Has No Gender!">lol. Pants.</option>
	<option value="Male">Male</option>
	<option value="Female">Female</option>

</select><br>
<input type="submit" name="Thank you!"><br>
<input type="hidden" name="done" value="yep">

Like that.
????: NamePros.com http://www.namepros.com/showthread.php?t=171137

You might want to put a check in to make sure they choose male or female.
Also, make sure that the age they enter is greater than 0.

Tree · 02-25-2006, 10:13 AM

Alright, some of the issues have been fixed. Try again!

FYI, I wiped the DB.

Edit: Nevermind, there's still a lot of problems. Let me work on it real quick.

tm · 02-25-2006, 10:28 AM

if i type in <?php it says error, headers already sent.

Jim_ · 02-25-2006, 10:40 AM

XSS vulnerability.
enter this for age: <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

Tree · 02-25-2006, 11:38 AM

Age is limited to 2 characters now.

Everything is fixed and there should be no security holes.

Jim, not sure what you meant by "XSS vulnerability."

tm · 02-25-2006, 12:57 PM

Originally Posted by Tree

Age is limited to 2 characters now.

what about that 129 year old in china?

White-Doc · 02-25-2006, 01:39 PM

Eeerm,
Not sure if it's really effective now.
But I can change my cookie using the following code:

"javascript:void(document.cookie="1337h4x0r0fd00m" );alert(document.cookie)"

Meh, it's useless I know.

Tree · 02-25-2006, 03:29 PM

Alright, so we've shut this script up. Thanks to everyone who helped, especially Jim!

Now onto the login script!

http://www.vestieo.com/manage

Once again, a huge thank you to everyone who has helped thus far.

Jim_ · 02-25-2006, 03:49 PM

So far, the login page seems safe.

Oh. I can still cheat the cookies. Just have to base64 encode it twice.

TVRJPQ%3D%3D is id 12
TVRNPQ%3D%3D is id 13

You might want to generate a random passkey for each id instead.
ex: $password = md5($id . rand(10000,99999));
and then pull the id with the passkey that matches the cookie.

Tree · 02-25-2006, 04:09 PM

Alright, this is for the first or second script?

Jim_ · 02-25-2006, 04:12 PM

I can still cheat the cookies on the first script.

Tree · 02-25-2006, 04:31 PM

Workin on it.

Fixed

Try it now.

Oh, and Jim, thanks tons! I used that exact little piece of code and it works great!

White-Doc · 02-26-2006, 05:04 AM

Hi,
I've had a go at the Login one, and I can't seem to find any exploits of vunerabilities, so either your script is somewhat secure. Or I'm not good enough to find a exploit.

Yours faithfully,
Steve

Dan · 02-26-2006, 06:57 AM

If you have the id and the password in cookies, I don't think it can be broken.. unless they know your password.

Tree · 02-26-2006, 10:01 AM

Alright, great!

I will change the encoding on the cookies though. Before it was just base64_encoded twice. I'll change it to md5.

Thanks everyone!

02-25-2006, 08:36 AM	THREAD STARTER #1 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	Break This Script! [+rep] Bored? Go to http://www.vestieo.com and see if you can break that script (or just fool it). If you want something else to do, go to http://www.vestieo.com/manage and try to break that login script. I'm trying to make this thing idiot proof, so do your worst To register more than once, just hit the "Kill Cookie" button at the bottom. If you do manage to break it, please post below. Last edited by Tree; 02-25-2006 at 12:49 PM.

02-25-2006, 08:54 AM	#2 (permalink)
Jim_ NamePros Regular Join Date: Aug 2005 Location: NY, USA Posts: 608	I can edit my cookie to change the id and pretend I'm someone else. ID: 1 Country: USA IP: 24.99.249.87 Age: 43 Gender: male Date Created: 2006-02-24 Its also possible to create your own form and make up different genders: ID: 56 Country: USA IP: 24.161.93.195 Age: 100 Gender: Jim Has No Gender! Date Created: 2006-02-25 __________________ ask me about the internet Last edited by Jim_; 02-25-2006 at 09:00 AM.

02-25-2006, 10:07 AM	#5 (permalink)
Jim_ NamePros Regular Join Date: Aug 2005 Location: NY, USA Posts: 608	Code: <form action="http://www.vestieo.com/?" method="POST"> Age: <input type="text" name="age"><br> Gender: <select name="gender"> <option value="Jim Has No Gender!">lol. Pants.</option> <option value="Male">Male</option> <option value="Female">Female</option> </select><br> <input type="submit" name="Thank you!"><br> <input type="hidden" name="done" value="yep"> Like that. ????: NamePros.com http://www.namepros.com/showthread.php?t=171137 You might want to put a check in to make sure they choose male or female. Also, make sure that the age they enter is greater than 0. __________________ ask me about the internet

02-25-2006, 10:13 AM	THREAD STARTER #6 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	Alright, some of the issues have been fixed. Try again! FYI, I wiped the DB. Edit: Nevermind, there's still a lot of problems. Let me work on it real quick. Last edited by Tree; 02-25-2006 at 10:18 AM.

02-25-2006, 10:28 AM	#7 (permalink)
tm Senior Member Join Date: Nov 2005 Location: on a oil rig just off Ireland Posts: 1,408	if i type in <?php it says error, headers already sent. __________________ You design in photoshop, I code into valid XHTML/CSS. Professional PSD, PNG or HTML to tableless XHTML/CSS designs. For more info, send me a PM.

02-25-2006, 10:40 AM	#8 (permalink)
Jim_ NamePros Regular Join Date: Aug 2005 Location: NY, USA Posts: 608	XSS vulnerability. enter this for age: <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> __________________ ask me about the internet

02-25-2006, 11:38 AM	THREAD STARTER #9 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	Age is limited to 2 characters now. Everything is fixed and there should be no security holes. Jim, not sure what you meant by "XSS vulnerability."

02-25-2006, 01:39 PM	#11 (permalink)
White-Doc NamePros Member Join Date: Aug 2005 Posts: 83	Eeerm, Not sure if it's really effective now. But I can change my cookie using the following code: "javascript:void(document.cookie="1337h4x0r0fd00m" );alert(document.cookie)" Meh, it's useless I know.

02-25-2006, 03:29 PM	THREAD STARTER #12 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	Alright, so we've shut this script up. Thanks to everyone who helped, especially Jim! Now onto the login script! http://www.vestieo.com/manage Once again, a huge thank you to everyone who has helped thus far.

02-25-2006, 03:49 PM	#13 (permalink)
Jim_ NamePros Regular Join Date: Aug 2005 Location: NY, USA Posts: 608	So far, the login page seems safe. Oh. I can still cheat the cookies. Just have to base64 encode it twice. TVRJPQ%3D%3D is id 12 TVRNPQ%3D%3D is id 13 You might want to generate a random passkey for each id instead. ex: $password = md5($id . rand(10000,99999)); and then pull the id with the passkey that matches the cookie. __________________ ask me about the internet Last edited by Jim_; 02-25-2006 at 04:05 PM.

02-25-2006, 04:09 PM	THREAD STARTER #14 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	Alright, this is for the first or second script?

02-25-2006, 04:12 PM	#15 (permalink)
Jim_ NamePros Regular Join Date: Aug 2005 Location: NY, USA Posts: 608	I can still cheat the cookies on the first script. __________________ ask me about the internet

02-25-2006, 04:31 PM	THREAD STARTER #16 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	Workin on it. Fixed Try it now. Oh, and Jim, thanks tons! I used that exact little piece of code and it works great! Last edited by Tree; 02-25-2006 at 06:10 PM.

02-26-2006, 05:04 AM	#17 (permalink)
White-Doc NamePros Member Join Date: Aug 2005 Posts: 83	Hi, I've had a go at the Login one, and I can't seem to find any exploits of vunerabilities, so either your script is somewhat secure. Or I'm not good enough to find a exploit. Yours faithfully, Steve

02-26-2006, 06:57 AM	#18 (permalink)
Dan Buy my domains. Join Date: Feb 2006 Posts: 2,792	If you have the id and the password in cookies, I don't think it can be broken.. unless they know your password.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Great Scripts for Sale With Resale Rights!	Zeeble	Scripts For Sale	20	01-04-2006 01:39 AM
Huge Xmas script pack sale $5.00	KPR	Scripts For Sale	1	12-08-2005 06:25 PM
60.000 Templates, scripts, fonts, banners etc. $9.95	atkims	Web Development Wanted	19	11-16-2004 09:48 AM

02-26-2006, 10:01 AM	THREAD STARTER #19 (permalink)
Tree NamePros Regular Join Date: Feb 2006 Location: Atlanta, GA, USA Posts: 335	Alright, great! I will change the encoding on the cookies though. Before it was just base64_encoded twice. I'll change it to md5. Thanks everyone!