MaDLeeTs • Cyber Security & Professional Webmasters Forum

Full Version: Bypass Login with Session
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello all,
this is a little tutorial for takeover a website by using simple session variables Smiley1
at first we need a shell on the target with rights to excute php comands.
and we need a target like a admin panel Smiley1 maybe you want to grab the pw & username
but you failed because the hash is hashed in sha256 or something like that.
so we need a other way to login Smiley1
in this time we can use they own login method Smiley1
PHP Code:
if(!empty($_POST["pw"]) && !empty($_POST["us"])){
$row mysql_fetch_object($res);
md5($_POST["pw"])==$row->password && $_POST["us"]==$row->username){
$_SESSION["adminID"] =  $row->adminID;
$_SESSION["username"] =  $row->username;
$_SESSION["login"] =  "1";
header("Location: users.php");
we see here a login with using sessions wink
Note :
Sessions are server-side variables.

if we wont access to that admin panel we need just to do that :
PHP Code:
$_SESSION["adminID"] =  "0";
$_SESSION["username"] =  "admin";
$_SESSION["login"] =  "1"
and we call the php file with that content and we can access the admin panel and we bypass the site authentication Smiley1

i hope this help some of you Smiley1
Nice Share Bro ! i have see all your Poster's It's Amazin With Great idea ! Keep It up Man wink
Thanks man Smiley1
But if you already have access to the script and you can modify it, why not just delete authentication mechanism!?
Or add mail() function inside of that function you posted to get credentials first time admin or anyone else login?!
sorry bro but you don't understand what i was talking/writing Smiley1
so how do you want to enter if the pws are hashed in SHA256 Biggrinsmiley Biggrinsmiley
your only way in is that you give your self from a other script the rights to login in the admin panel Biggrinsmiley Biggrinsmiley
sorry but didn't understand this tutorial Sadsmiley .You please explain a bit more in detail .sorry
Nice share Bro ! appreciiate it
@Ninja wink
at first you need filerights somewhere on the server. But maybe there are a admin panel where we have no rights because the admin take the userrights ?
then we can only login if we create a file like that :
PHP Code:
<?php $_SESSION["admin"]=1?>
that is just a example because in evry time it's different variables.
if you done that and you call the php files you are have acces to the panel and do some stuff on it Smiley1
Nice share dude Biggrinsmiley