About hacking in database (javascript)
This is a discussion on About hacking in database (javascript) within the WoW Support forum part of the WoW forum category; I don't know much (to say the least) programming but this code caught my eye
Code:
Invalid Username and/or Password!</font></h1></div><center>
...
-
About hacking in database (javascript)
I don't know much (to say the least) programming but this code caught my eye
Code:
Invalid Username and/or Password!</font></h1></div><center>
<script type="text/javascript" src="http://www.dragonfire-bg.net/reg/js/sha1.js"></script>
<script type="text/javascript">
function dologin () {
document.form.pass.value = hex_sha1(document.form.user.value.toUpperCase()+':'+document.form.login_pass.value.toUpperCase());
document.form.login_pass.value = '0';
do_submit();
}
</script>
<fieldset class="half_frame">
<legend>Login</legend>
<form method="post" action="http://www.dragonfire-bg.net/reg/login.php?action=dologin" name="form" onsubmit="return dologin()">
I tought there's a file with the usernames and passwords (too easy) but instead I believe this file sha1.js is responsible for the passwords (über dislikable lol). I've tried js injection and it didn't work so I'm totaly clueless right now. Guess SQL injection won't work too cause the server returns "Invalid username and password"
Is there a way "rewrite" the dologin fuction to display the passwords?
I added "http://www.dragonfire-bg.net/reg/" to src= and action= cause I downloaded the page to mess with it so it's not there in the original code.
Last edited by Sikozu; 05-08-2008 at 12:32 AM.
-
Similar Threads
-
By hendricius in forum WoW Private Server Info & Help
Replies: 17
Last Post: 02-17-2009, 11:24 AM
-
By kelker in forum WoW Private Server Info & Help
Replies: 15
Last Post: 09-05-2007, 10:23 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
Forum Rules
LinkBack URL
About LinkBacks
Reply With Quote