Abdou login system

i meant “ About login system” * lol , not abdou.

I just realized and deleted my post ;p

Hey @Kunai
There are many types of login systems there are php and MYSql based ones , c# ones , java and probably with every web based programming language . :);

I believe there’re good examples in this site: Real Level 2 and Real Level 3. They are login panels based on JavaScript to validate username / password.

Aha well spotted there by @freewind1012 !!
I think the best is javascript as its widely used . :)

Actually, I pointed out those examples to demonstrate fatal vulnerabilities. You could (or sure?) be exploitable when using client-sided languages (in this case, JavaScript) to validate data.

No doubt, everything in this world is vulnerable !!

The answer to this is simply be familiar with it.

For example login.js or login.php

.js is the file extension for javascript
.php is for php

Also the syntax of the source code. Just look at it and you should know! lol It’s hard to explain but like in javascript for variables you’ll see a lot of

var

Here are some dead giveaways to look for right off the bat.
[b]
Javascript
[/b]

var variableName = somecode;  
document.write  
<script></script>  
function functionName() { }  

PHP

<?php  //some code in here ?>  
echo "Blah";  
$variable=5;  

[b]
Javascript If/Else statements Example[/b]

{  
var x="";  
var time=new Date().getHours();  
if (time<20)  
  {  
  x="Good day";  
  }  
else  
  {  
  x="Good evening";  
  }  
document.getElementById("demo").innerHTML=x;  
}```  


**PHP If/Else Statements Example**  

$t=date(“H”);
if ($t<“10”)
{
echo “Have a good morning!”;
}
elseif ($t<“20”)
{
echo “Have a good day!”;
}
else
{
echo “Have a good night!”;
}
```

Notice how it looks similar but slightly different? Well that’s pretty much it. Just investigate the source code of different sites and it may help you a bit.

Disclaimer: The examples I gave you come from W3Schools not myself!

Here are some examples

PHPhttp://www.w3schools.com/php/

Javascripthttp://www.w3schools.com/js/js_examples.asp

Also @IAmDevil , logins in Javascript aren’t better than any other because they are widely used. That is what makes them more vulnerable along with every other piece of mainstream technology. I think if you fluctuate between the two and obfuscate along with writing very well and inspected code is where security comes into place. Make sure you hack the code until it cannot be hacked anymore then process everything.

JS is client-side language i know , and it’s widely used ? sweet ! i’ll find alot of vulnerable sites then .
Thank you all for replies.

Sorry for ruining your dream @Kunai: Most websites have NOT used JavaScript to implement the login function. JavaScript is widely used, sure; but it is used to enhance user experience.

Freewind is correct. Using client-side code for logins is not secure, never do this. Server-side logins such as PHP, ASP, should be used.

So a login box like on this website (using javascript) isn’t secure?
http://lettrescpge.jimdo.com/

I don’t ask you to hack this, I don’t want trouble.

Well adviced by Osaka

[quote=Google]Client-side refers to operations that are performed by the client in a clientserver relationship in a computer network. Typically, a client is a computer application, such as a web browser, that runs on a user’s local computer or workstation and connects to a server as necessary[/quote]

[quote=Google]Server-side refers to operations that are performed by the server in a clientserver relationship in computer networking. Typically, a server is a computer program, such as a web server, that runs on a remote server, reachable from a user’s local computer or workstation[/quote]

Now posting this,

If the code is client-side the user has access to inspect the code opposed to the server-side in which, keyword server, the code is executed run etc.

If you have access to the code then it’s not secure because you can go ahead and search for vulnerabilities, if you can’t physically have access makes it harder. Not saying there aren’t ways around that but this is just the order on how things work y ‘know? It’s not neccessarily true that people don’t use Javascript for logins or other vital information, but if you know what you’re doing and more than likely work for a company you’re not going to do it that way.

So if you’re looking to hack a site like so then www.imnewtobuildingwebsites.hostserver.com will be a better target to attack than facebook. Facebook has plenty of CEH probably cracking down everyday finding new things and holes to fix.

@fkpuzat: The JavaScript login box is used for enhancing user experience. A website with smooth animations, sparky effects… is still better than a plain one with text, underlined links. It also uses server-sided code (PHP, ASP, Java…) to validate login data.