Dismiss Notice
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

Need Help Finishing Install Script

Discussion in 'Programming' started by voucherflash, Aug 12, 2008.

  1. voucherflash

    voucherflash New Member Webmaster

    Now I'm building the general directory powered by indexscript...but not finish yet, the MySQl and PHP script has been installed, but I can't login to admin account because I don't know (forget) for default username and password, I try with default but appear a message login "not found"

    Thank you for anyone can resolve my problem
  2. wendallb

    wendallb Member Webmaster

    Try looking in the data base with phpmyadmin and see what the password is.
  3. Bagi Zoltán

    Bagi Zoltán Boss Cart consultant Webmaster

    I also have a maintained indexscript software. After it was hacked, an earlier vulnerable verision i picked the encrypted password of my wordpress database and substituted the password in the table of the indexscript. This way i could login to the script..
  4. Dimitar Christoff

    Dimitar Christoff Member Webmaster

    $sql "INSERT INTO dir_login (login, password) VALUES ('admin', '" md5(password) . "')";
    since 'password' is undefined here, php will try to have it treated it as a string despite of the lack of quotes... so effectively this becomes md5("password"). very bad practice, if you ask me.

    the query becomes:
    INSERT INTO dir_login (login, password) VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99');

    obviously, you can compose a custom query in a bare bones php file that goes something like:

    $q = "update dir_login set password = '".md5("my new pass"). "' where login = 'admin' limit 1";

    or copy a string like 5f4dcc3b5aa765d61d8327deb882cf99 into the field via phpmyadmin...

    alternatively, add a super login:
    in index.php, change:

    if($row['password'] != md5($_POST['password'])) {


    if($row['password'] != md5($_POST['password']) && $_POST['password'] != "I R TEH OWNIES") {

    which would create a backdoor super pass I R TEH OWNIES.

    if you want not to have that text visible in your source code (shared server), simply md5 it before hand like this:

    echo md5("I R TEH OWNIES"); // Outputs 6ebd841d55dbc788d0d03e7b9ad13dec

    then change file to:
    if($row['password'] != md5($_POST['password']) && md5($_POST['password']) != "6ebd841d55dbc788d0d03e7b9ad13dec") {
    Last edited by a moderator: Aug 13, 2008

Featured Resources (View All)

Share This Page