  1. #1
    Join Date
    Apr 2009
    Location
    United Kingdom
    Posts
    1,111
    Tokens
    100

    PHP User System Basics

    People who are coding PHP user systems and not thinking about security, you need to think about it more lmao.

    For instance, make sure you include some sort of hash for the logout.

    My example (Sorry whoever coded this) will be HabbCrazy:

    http://www.habbcrazy.net/bth_v4/bth_logout.php

    This is a small example and not really dangerous. I could make a directory on a site called http://mysite.com/preview and tell people it's a preview, but it could actually log them out of habbcrazy. All it takes is

    Code:
    <img src="http://www.habbcrazy.net/bth_v4/bth_logout.php" style="display:none;">
    at the top of the page. This is for educational purposes by the way guys, hence why I am not going to post any exploits I have found in places.

    But all you need to do is add a hash. Notice the vBulletin logout.

    The malicious site could also link to http://www.habbcrazy.net/bth_v4/shout_do.php?act=send

    That sends a blank message to their shoutbox. Obviously the user that was linked to the potentially malicious site would do it.

    Now, imagine they did

    Code:
    <img src="http://www.habbcrazy.net/bth_v4/shout_do.php?act=send">
    <img src="http://www.habbcrazy.net/bth_v4/shout_do.php?act=send">
    <img src="http://www.habbcrazy.net/bth_v4/shout_do.php?act=send">
    <img src="http://www.habbcrazy.net/bth_v4/shout_do.php?act=send">
    <img src="http://www.habbcrazy.net/bth_v4/shout_do.php?act=send">
    <img src="http://www.habbcrazy.net/bth_v4/shout_do.php?act=send">
    <img src="http://www.habbcrazy.net/bth_v4/shout_do.php?act=send">
    <img src="http://www.habbcrazy.net/bth_v4/shout_do.php?act=send">
    <img src="http://www.habbcrazy.net/bth_v4/shout_do.php?act=send">
    <img src="http://www.habbcrazy.net/bth_v4/shout_do.php?act=send">
    Now, I don't know if HabbCrazy has an automatic blocker, but if it didn't, the user who goes on the potentially malicious site will have just posted 10 BLANK shouts to the shoutbox and get banned.

    This is obvious to some of us but unknown to a lot.

    Hashes are a good way to secure sites. Do not rely on $_SERVER["SERVER_NAME"] or whatever.

    Oh, to conclude: I'm really sorry for using HabbCrazy as an example. There are much worse systems out there. Whoever coded the system had to do loads of work and did a good job. Just missed a few things.

    Note: If admins / mods find this as talking about hacking or whatever, then please delete this thread I am just trying to educate some people.
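    One way to add the "hash" the post recommends, written here as an added example (it is not code from the thread, from vBulletin or from HabbCrazy): a per-session anti-CSRF token that the logout link and the shoutbox form must carry, checked server-side. The file names bth_logout.php and shout_do.php are the ones mentioned above; the function names, the `hash` parameter name and the `save_shout` call are assumptions.

```php
<?php
// Added example, not the thread's or HabbCrazy's code: a per-session
// anti-CSRF token for logout and shoutbox posting in plain PHP (7+).
session_start();

// Create the token once per session from a CSPRNG and reuse it for the session.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the check does not leak the token through timing.
function csrf_check(?string $supplied): bool {
    if ($supplied === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $supplied);
}

// The logout link carries the token, so a hidden <img> on a third-party page
// has no way of knowing what to put in the URL.
function logout_link(): string {
    return '<a href="bth_logout.php?hash=' . urlencode(csrf_token()) . '">Log out</a>';
}

// What bth_logout.php would do before destroying the session.
function handle_logout(array $get): bool {
    if (!csrf_check($get['hash'] ?? null)) {
        http_response_code(403);
        return false;   // request did not come from a page we rendered
    }
    session_destroy();
    return true;
}

// shout_do.php?act=send: require POST plus the token, and drop blank messages,
// so neither an <img> (always GET, no token) nor an empty submit reaches the box.
function handle_shout(string $method, array $post): bool {
    if ($method !== 'POST' || !csrf_check($post['hash'] ?? null)) {
        http_response_code(403);
        return false;
    }
    $msg = trim($post['message'] ?? '');
    if ($msg === '') {
        return false;   // blank shouts are rejected instead of posted
    }
    // save_shout($msg);  // hypothetical storage call, not part of this example
    return true;
}

// The shout form embeds the same token as a hidden field.
function shout_form(): string {
    return '<form method="post" action="shout_do.php?act=send">'
         . '<input type="hidden" name="hash" value="'
         . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">'
         . '<input type="text" name="message">'
         . '<button>Shout</button></form>';
}
```

The token is tied to the session, not to `$_SERVER["SERVER_NAME"]` or the Referer header, which is the point made above: the only way to obtain a valid value is to load a page the site itself rendered for that logged-in user. Switching the shout action to POST on its own is not enough (a hidden auto-submitting form can still POST), which is why the token check applies to both handlers.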

  2. #2
    Join Date
    Jun 2005
    Posts
    4,795
    Tokens
    0


    To be fair, vBulletin had the 1st problem for a long while

  3. #3
    Join Date
    Apr 2009
    Location
    United Kingdom
    Posts
    1,111
    Tokens
    100


    Quote Originally Posted by Tomm View Post
    To be fair, vBulletin had the 1st problem for a long while
    Haha. Well WHMCS has it too, but logout isn't a major thing I suppose.

  4. #4
    Join Date
    Jun 2008
    Location
    Manchester
    Posts
    766
    Tokens
    0


    The logout (exploit?) is very common.

    The most common vulnerability is probably XSS, as most websites use PHP with magic quotes enabled, which makes SQL injection much less common.
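    The two issues named in this reply, shown as an added example rather than code from the thread: the shout is bound as a query parameter (so SQL injection is handled without relying on magic quotes, which were removed from PHP anyway), and the stored message is HTML-encoded when rendered (which is what stops XSS; magic quotes only backslash-escape quote characters and leave `<`, `>` and event-handler attributes untouched). The `$pdo` connection, the `shouts` table and the sample message are assumptions.

```php
<?php
// Added example, not from the thread. Assumes a hypothetical PDO connection
// and a `shouts` table with a `message` column.

// SQL injection: the message is a bound parameter, so quoting in the input
// never becomes part of the query text, with or without magic_quotes_gpc.
function save_shout(PDO $pdo, string $message): bool {
    $stmt = $pdo->prepare('INSERT INTO shouts (message) VALUES (:message)');
    return $stmt->execute([':message' => $message]);
}

// XSS: encode at output time, for every shout, regardless of how it was stored.
function render_shout(string $message): string {
    return '<div class="shout">'
         . htmlspecialchars($message, ENT_QUOTES, 'UTF-8')
         . '</div>';
}

// Constructed sample input containing both a quote and a script tag; after
// render_shout() the tag is displayed as text, not executed by the browser.
$sample = "Nice site' <script>alert(1)</script>";
echo render_shout($sample), PHP_EOL;
```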

  5. #5
    Join Date
    Apr 2009
    Location
    United Kingdom
    Posts
    1,111
    Tokens
    100


    Quote Originally Posted by Jxhn View Post
    The logout (exploit?) is very common.

    The most common vulnerability is probably XSS, as most websites use PHP with magic quotes enabled, which makes SQL injection much less common.
    I don't know if I did, but I shouldn't have called the logout an exploit.

    The logout is common, yes. People should really secure it. It's not major but it's annoying.

    The HabbCrazy thing could be serious.
