Calling all experienced hackers!

freecrm

I have just completed a registration and login system using PHP and I would love it if someone could break it!!!

The site is www.freecrm.x10hosting.com

I'll even tell you how it works!

1st Registration page:

Uses "ReCaptcha" image verification and validates all input, including repeats of critical information.

e-mail, username, password etc.

Checks if username already exists.

Creates random membership ID - lots of characters, mixed string (hidden field)
Creates random password - lots of characters, mixed string (hidden field)

Commits all $_POST variables to server variables.

Inserts record with random password. (membership id is unique MySQL field)


2nd Registration page:

Re-assigns $_SESSION variables to normal strings and e-mails verification to inserted e-mail address.

E-mail contains link to account verification page, carrying random membership ID and real password.

i.e. http://freecrm.x10hosting.com/accountverification.php?memid=<?php echo $memid;?>&password=<?php echo $password;?>

The account verification page calls a recordset where the $_GET memid matches.

An update (using form) then inserts the real password over the existing password.

You can then login!

There is only one small crack I can see here:

If a user types the account verification URL into a browser with a random number and password, the chances are they will not match an existing record; however, if the user continues to do this with a random memid string (29 characters!), they might match an existing record. The password variable could then be used to overwrite an existing user's account!

What are the chances???
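
An added example, not part of the original post or the site's code: one way to close the gap described above is to put only a single-use, expiring random token in the verification link, so the page never writes a password taken from the query string. The function names, the in-memory `$store` standing in for the MySQL table, and the `example.test` URL are assumptions.

```php
<?php
// Added example: single-use, expiring e-mail verification token.
// $store is an in-memory stand-in (assumption) for the MySQL members table.
$store = [];

// Registration: the user's password is hashed and saved immediately;
// only a random token (never the password) goes into the e-mail link.
function register(array &$store, string $username, string $password): string
{
    $token = bin2hex(random_bytes(32));            // 256 bits from the OS CSPRNG
    $store[$username] = [
        'password_hash' => password_hash($password, PASSWORD_DEFAULT),
        'token_hash'    => hash('sha256', $token), // store only a hash of the token
        'expires'       => time() + 3600,          // link valid for one hour
        'verified'      => false,
    ];
    // Hypothetical URL layout; example.test is a placeholder host.
    return 'https://example.test/accountverification.php?user='
        . rawurlencode($username) . '&token=' . $token;
}

// Verification page: flips the verified flag only, and only once.
function verify(array &$store, string $username, string $token, ?int $now = null): bool
{
    $row = $store[$username] ?? null;
    if ($row === null || $row['token_hash'] === null) {
        return false;                              // unknown user or link already used
    }
    if (($now ?? time()) > $row['expires']) {
        return false;                              // link expired
    }
    // Constant-time comparison of the presented token's hash with the stored hash.
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;
    }
    $store[$username]['verified'] = true;
    $store[$username]['token_hash'] = null;        // single use
    return true;
}

// Constructed sample run.
$link = register($store, 'alice', 'correct horse battery staple');
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(verify($store, 'alice', str_repeat('0', 64))); // guessed token
var_dump(verify($store, 'alice', $q['token']));          // token from the e-mail
var_dump(verify($store, 'alice', $q['token']));          // replay of the same link
```

Rate limiting failed attempts per account and per client address on the verification page further limits repeated guessing.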
 