Is this php script secure?

**bilo86** · April 29th, 2002, 02:31 AM

Hi friends. I made a login script for my website. I personally think it is pretty safe but I was wondering what you guys think. Tell me if you see any vulnerabilities or exploits that I should patch up. How could people crack it?

http://www.pheeble.com/login.php

Appreciate it.

***smirc*** · April 29th, 2002, 02:59 AM

Post the source code then poeple will be able to help you. Otherwise there's no way of telling how secure the script is.

**freeOn** · April 29th, 2002, 03:08 AM

Depends what kind of encryption you using in your database. If it's just plain text then you should slap your self on the back of your head. Also where is the source at?

**a_420_hacker_24** · June 18th, 2002, 01:24 AM

well I cant even see the page but the source would be good.

str34m3r · June 18th, 2002, 01:51 AM

It's broke.

***{P²P}Apocalypse*** · June 18th, 2002, 06:38 AM

I scaned the site checking the tree and then entered http://www.pheeble.com/v5/ as being the second page after the intro and it let me right in. Never saw any kind of a login script. So I would venture it's not to secure if I can traverse the directory tree and pull up any page I wish.

**fiend** · June 18th, 2002, 09:09 AM

No, that doesn't sound terribly secure, does it?
But then, he may not have implemented it yet; he could just be testing the login at this point...

***Vorlin*** · July 11th, 2002, 01:11 PM

Well, inside the httpd.conf (I'm going to assume we're talking apache here because that's my knowledge base, not IIS), in the intial <Directory> for this page, I would take Indexes out of the Options list. This prevents people from scanning/traversing directory trees.

As for the php, we can't see the code so we can't check!

Thread: Is this php script secure?

Thread Tools

Display

Is this php script secure?

Posting Permissions