Break this for me please

[Nightfire]

Been working on a registration script but I'm not too good at security, and it needs to be secure. So can you try and break my registration script for me please? Only the javascript version is working at the mo, so you must have that enabled. Use whatever you want to break it, but nothing ott please as I don't want the db damaging etc.

http://travelderbyshire.com

If you break it, please tell me how so I can fix the problems you found. ta

 

[KDF]

Took too long to respond and timed out when I tried to break it lol

 

[Nightfire]

It did? :s Must've been shift change for the hamsters lol

 

[disco]

Would better best via HTTPS
Test for SQL injections if you are sending the details to a mysql, sql server, oracle etc database.

Other than that I would be more worried about spam. Bots could submit rubbish you could add a autogenerated graphic to stop nonsense submissions or a link in the e-mail they are sent to confirm submissions.

 

[disco]

Also seems to break if I submit my details then try and submit another set without killing my browser.

 

[Nightfire]

How do you mean by that? Once you're registered a session var should be set to prevent you being able to see that popup, preventing you from registering again. Unless I've missed something out in the code.

There will be things added such as regex for the format of text entered the form and a captcha (sp) system set up. I'm mainly more interested in seeing if it's easy to hijack or inject really.

SSL will be used for the business accounts, but it's not really needed for a user account.

 

[Nightfire]

f*cking forum

 

[Caramel]

field boundaries need to be set.
i registered with

z
z
z
z@z.com

 

[Nightfire]

Can sort them easily with regex later on Not fussed at the mo as it's not a security thing

 

[disco]

Ok the way I broke it and this isn't a security thing but it is a useability thing. If I register my details then rather than clicking the link to continue I simply close the popup with the x. I can still click the register account link and get a blank pop up. Would be better if the popup said you have already registered click here or soemthing like that? Not a major one and you are looking for security issues but still thought I would point it out.

 

[Nightfire]

Ahh yeah, found that one out too. Trying to think of a way of disabling that without having to hack the js file even more as it's just getting confusing now lol. Cheers

 

[disco]

One more thing. Again dunno if this is important to you or not. But the form is susceptible to phishing attacks. I can submit post data to http://travelderbyshire.com/register.php from anywhere I like.

All I need is the following code

<html>
<head>
</head>
<body>
<form action="http://travelderbyshire.com/register.php?type=small" method="post">
<input type="text" name="username" value=""> Username<br>
<input type="password" name="pass1" value=""> Password<br>
<input type="password" name="pass2" value=""> Confirm Password<br>
<input type="text" name="email" value=""> Email Address<br>
<input type="submit" name="submit" value="Register">
</form>
</body>
</html>

So someone could put up a site that registers someone for your site but stores the data they are submitting perhaps not so important for the user accounts but perhaps for the business account registration or login.

I submitted a registration from a html file on my desktop.

You could get round this by setting a session variable with a random value this value could also be written into a hidden from field. When the form submits, the value of the hidden form field is compared to the value of the session variable to check it is a legitimate submission from your site. There will be other ways to validate the submission comes from your form but it is well worth doing.

D

 

[Nightfire]

Not so fussed about that for a normal account really. Still, good idea to help prevent phising for the business one, I'll add that into there.