Author Topic: Secure PHP Logins  (Read 5651 times)

TinMan

  • Autococker
  • Posts: 1347
Re: Secure PHP Logins
« Reply #20 on: June 14, 2006, 03:50:37 PM »
Well this is a common way that cookies are dropped from the client's browser, so read into it this for seeing how the cookies are stolen and how they can be used, also, check out some more stuff on the Critical Security forums, they probably have lots of info that will be helpful on making your login script.

Qoo

  • VM-68
  • Posts: 100
Re: Secure PHP Logins
« Reply #21 on: June 14, 2006, 03:58:17 PM »
I post on cs wow.


If you just keep the login page and the authed areas simple everything should be ok, less variables mean less chance to inject code and perform XSS to steal the cookies.

TinMan

  • Autococker
  • Posts: 1347
Re: Secure PHP Logins
« Reply #22 on: June 14, 2006, 04:06:46 PM »
I need to buff up on my stuff and get back to my HTS challenges sometime toon, lol
http://www.hackthissite.org/user/view/th3t1nm4n

Qoo

  • VM-68
  • Posts: 100
Re: Secure PHP Logins
« Reply #23 on: June 14, 2006, 04:23:47 PM »
Well you can try - some of the realistic ones are down now I think. 

Smokey

  • Autococker
  • Posts: 1172
Re: Secure PHP Logins
« Reply #24 on: June 14, 2006, 05:02:25 PM »
im confused on challange 4...

TinMan

  • Autococker
  • Posts: 1347
Re: Secure PHP Logins
« Reply #25 on: June 14, 2006, 06:21:03 PM »
http://www.criticalsecurity.net/index.php?showtopic=8
There's a firefox extension called "Web Developer" or something like that which is useful for the live html editing missions.