Saturday, April 19, 2014
PHP Fusion question


Posted on 15-10-08 16:26
I'm currently helping to modify a php fusion site for a friend, but running into a bit of php/sql trouble. My php is a bit weak.

I'm trying to script an automatic account upgrade from a registered member to an actual member (2 different permission user groups). I created a custom page and can get it to identify the correct password, but I do not know how to identify the user that entered the password so that I can make the sql line affect only his account.

Here is the custom page code
Code

<center>
<form name="input" action="" method="post">
Password:
<input type="text" name="pass">
<input type="submit" value="Submit" class="button">
</form>
<?php
if ($_POST["pass"]==NULL)
{}
elseif ($_POST["pass"]=="password")
{
    echo 'Your Account has been upgraded';
    //Some code here get uid and modify the table to upgrade permissions
}
else
    echo 'Wrong Password, please try again.';
?>
</center>





Any suggestions / ideas?




Edited by on 15-10-08 16:28
Author

RE: PHP Fusion question

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 15-10-08 16:29
Look for SELECT FROM statements on W3schools.

Hint: your question has nothing to do with PHP, rather, you should have been asking about SQL statements. This means that besides your weak PHP, your SQL skills also could use an upgrade. And -this- means you shouldn't even try to help your friends in the first place, since your web programming skills are weak.

Anyway, SELECT FROM, go from there.



img507.imageshack.us/img507/3580/spynewsig3il1.png
"The chowner of property." - Zeph
[small]
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
“Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?” - Ebert
[/s
http://bitsofspy.net
Author

RE: PHP Fusion question


Posted on 15-10-08 16:43
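The current user / userID is probably stored in a $_SESSION variable. Throw this into a PHP page and see what output you get:

<?php
// Start the session if the including page has not done so already.
if (session_status() === PHP_SESSION_NONE) { session_start(); }
// var_export() also copes with array values.
foreach ($_SESSION as $k => $v) { echo "Session variable $k = " . var_export($v, true) . "\n"; }
?>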





Edited by on 15-10-08 16:43
Author

RE: PHP Fusion question

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 15-10-08 16:57
Zephyr_Pure wrote:
The current user / userID is probably stored in a $_SESSION variable.


Be warned though, OP. Only use this variable if you're sure it's IP bound. Cookie stealing is -very- easy on PHP-fusion, and people -will- be able to exploit code that checks stuff by $_SESSION.



Author

RE: PHP Fusion question


Posted on 15-10-08 22:09
Solved -- albeit sloppy and insecure. But,...

A) Not my website
B) Probably not the most insecure thing about the website
C) It works.

Anyways here's the code I used. If any better ideas jump in your head feel free to post them.

Code

<center>
<form name="input" action="" method="post">
Password:
<input type="text" name="pass">
<input type="submit" value="Submit" class="button">
</form>
<?php
if ($_POST["pass"]==NULL)
{}
elseif ($_POST["pass"]=="password")
{
    // Numeric user id taken from $fusion_user
    $uid = floor($fusion_user);
    $result = mysql_query("SELECT * FROM fusion_users WHERE user_id='$uid'");
    while ($row = mysql_fetch_array($result))
    {
        if ($row['user_groups']=='.1')
        {
            echo 'Account already Upgraded';
        }
        elseif ($row['user_groups']!='.1')
        {
            // Put the account into group .1
            mysql_query("UPDATE fusion_users SET user_groups = '.1' WHERE user_id = '$uid'");
            echo 'Upgraded Account';
        }
    }
}
else
    echo 'Wrong Password, please try again.';
?>
</center>








Edited by on 15-10-08 22:12
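
A tighter version of the upgrade step posted above, as an added example that is not part of the thread and not PHP-Fusion's own code. The table name, column names and the '.1' group value come from the post; the function name upgrade_account, the in-memory SQLite database, the sample rows and the demo password are constructed for illustration, and it assumes the caller passes the user id established by the site's own server-side login check.

```php
<?php
// Added example, not code from the thread. fusion_users, user_id, user_groups
// and '.1' are taken from the post; everything else here is constructed.

/**
 * Upgrade one account to group '.1' if the submitted password is right.
 * $uid must come from server-side login state, never from request data.
 */
function upgrade_account(PDO $db, int $uid, string $submitted, string $passHash): string
{
    // Only a hash of the upgrade password is stored; password_verify()
    // checks the submission against it without a plain string compare.
    if ($submitted === '' || !password_verify($submitted, $passHash)) {
        return 'Wrong Password, please try again.';
    }
    // Bound parameter keeps $uid out of the SQL text. The extra condition
    // makes the UPDATE a no-op for rows that already carry the group.
    $stmt = $db->prepare(
        "UPDATE fusion_users SET user_groups = '.1'
         WHERE user_id = :uid AND user_groups <> '.1'"
    );
    $stmt->execute([':uid' => $uid]);
    if ($stmt->rowCount() === 1) {
        return 'Upgraded Account';
    }
    // Nothing changed: the row is already upgraded, or there is no such user.
    $check = $db->prepare('SELECT 1 FROM fusion_users WHERE user_id = :uid');
    $check->execute([':uid' => $uid]);
    return $check->fetchColumn() ? 'Account already Upgraded' : 'Unknown user';
}

// Constructed demo data: user 1 is a plain member, user 2 is already upgraded.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE fusion_users (user_id INTEGER PRIMARY KEY, user_groups TEXT)");
$db->exec("INSERT INTO fusion_users VALUES (1, ''), (2, '.1')");
$hash = password_hash('constructed-demo-secret', PASSWORD_DEFAULT);

echo upgrade_account($db, 1, 'guess', $hash), "\n";                   // wrong guess
echo upgrade_account($db, 1, 'constructed-demo-secret', $hash), "\n"; // plain member
echo upgrade_account($db, 2, 'constructed-demo-secret', $hash), "\n"; // upgraded member
echo upgrade_account($db, 9, 'constructed-demo-secret', $hash), "\n"; // id not in table
```

On the real site the $uid argument would be whatever the application's own login check established for the current request, which is the part the thread leaves open.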
Author

RE: PHP Fusion question


Posted on 15-10-08 22:16
stdio wrote:
if ($_POST["pass"]==NULL)
{}
elseif ($_POST["pass"]=="password")
{

... Why? You're only acting on one conditional.


Author

RE: PHP Fusion question


Posted on 15-10-08 22:20
Zephyr_Pure wrote:
stdio wrote:
if ($_POST["pass"]==NULL)
{}
elseif ($_POST["pass"]=="password")
{

... Why? You're only acting on one conditional.


I'm confused by your question/statement, please elaborate.

If you are referring to the if, elseif, else. It does nothing if left blank (if),.. moves on if password correct (elseif)... and displays error message if wrong (else)




Edited by on 15-10-08 22:22
Author

RE: PHP Fusion question


Posted on 15-10-08 22:37
stdio wrote:
If you are referring to the if, elseif, else. It does nothing if left blank (if),.. moves on if password correct (elseif)... and displays error message if wrong (else)

You're only gauging success on one conditional (password is correct), or you're either throwing an error or doing nothing. Why do "nothing" if it's null? The pass is wrong whether it's null or "wrong". Just seems like an unnecessary extra conditional at the top.


Author

RE: PHP Fusion question

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 15-10-08 23:43
stdio wrote:
Solved -- albeit sloppy and insecure. But,...

A) Not my website
B) Probably not the most insecure thing about the website
C) It works.


A: it's your friend's website, right? Grow some morals.
B: Fix the other things too.
C: Like Space Shuttle Columbia worked.

Now, don't get me wrong. I love lousy excuses just as much as the next guy, but yours are just very, very wrong. Bad. Negative. Useless. Bullshit.

Go code.



Author

RE: PHP Fusion question


Posted on 16-10-08 03:02
spyware wrote:

A: it's your friend's website, right? Grow some morals.
B: Fix the other things too.
C: Like Space Shuttle Columbia worked.

Now, don't get me wrong. I love lousy excuses just as much as the next guy, but yours are just very, very wrong. Bad. Negative. Useless. Bullshit.

Go code.



Not my website has nothing to do with my morals, it has to do with time. He asked me as a favor to help him with something that would do exactly what it does... keep him from having to manually change every user that he needs to (about 50 total people). I gladly spent a few hours looking into how to do it and finding a way to do it. I flat out don't have the time to dedicate more to just a simple task.

Secondly, just because he's my friend doesn't mean he doesn't have the same resources that I do in terms of using the internet. Again, time is the major factor here. I would take a really long time to try and go through php fusion and try to fix everything. Let me use this website as an example... Developers here spent many hours coding/fixing this website. It's a php fusion website. Now with 1000's of users and 1000s of hours in total of people on it (specifically people looking to learn/teach/practice all sorts of tasks related to computer security),... there are STILL flaws in it.

Thirdly, bad comparison to the Columbia shuttle. There are SQL backups, so if someone were to hack it, the worst that would happen is a loss of a few hours, not people dying. Quantify your risk vs rewards better imo.

Now, don't get me wrong. I love lousy criticism just as much as the next guy, but yours are just very, very wrong. Bad. Negative. Useless. Bullshit.



Author

RE: PHP Fusion question

spyware
Member



Posts: 4192
Location: The Netherlands
Joined: 14.04.07
Rank:
God
Warn Level: 90
Posted on 16-10-08 03:15
Apparently, you have enough time on your hands to write lousy rebuttals.

Your cosy refute did not impress me at all.



Author

RE: PHP Fusion question


Posted on 16-10-08 13:01
spyware wrote:
C: Like Space Shuttle Columbia worked.

stdio wrote:
Thirdly, bad comparison to the Columbia shuttle. There are SQL backups, so if someone were to hack it, the worst that would happen is a loss of a few hours, not people dying. Quantify your risk vs rewards better imo.

Well, the rest of it was pleasant to read except for this one. Now, I know a lot of people like to take things rather literally at times but, in this case, the comparison was just dealing with the functional adequacy of the two. Really, it wouldn't have mattered if there was just a barrel of grapefruit on Columbia at the time of that incident... a functional failure is still a failure. Don't quantify adequacy or stability by what's at stake but, rather, by an educated success rate estimate and vulnerability assessment.

Other than that, carry on... your friend's site's security is of no concern to me, anyways.




Edited by on 16-10-08 13:01