Password field weakness test

Discuss the many weaknesses of browser security and ways to mitigate the threat

Password field weakness test

Post by compak on Mon Jul 20, 2009 4:18 pm
([msg=27048]see Password field weakness test[/msg])

I compiled some HTML simple log in code page. Please try to find some weaknesses in the code and if you will find some please tell me about them I will be really thankful. By weaknesses I mean exploiting the Log In password.
Here is the source code:

Code: Select all
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html dir="rtl">
<head>
<title>M-WebMode</title>
<meta http-equiv="Content-Language" content="he">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1255">
<W.webmod-cs-key=webmodby.MatanLevy[matanlevy1@gmail.com]>
<link rel="stylesheet" href="style/indexs.css" type="text/css">
</head>

<body>
<center>
<table border="0" cellpadding="" cellspacing="0">
  <tr>
    <td class="around">
      <table border="0" cellpadding="0" cellspacing="0">
        <tr>
          <td width="600">
      <img src="images/banner.JPG" alt="M-WebMod!">
     </td>

        </tr>
   <tr>
     <td class="hg"></td>
   </tr>
   <tr>
     <td class="nav" width="700">
<b>.:</b> \\<b></b> <a href="/" class="navlink">Main Page</a> <b> :</b>


  <a href="wmsg.w" class="navlink">Manager Talks</a> <b>:</b> <a href="auth.w" class="navlink">Connecting</a>  \\ <b>:.</b>&nbsp;&nbsp;&nbsp;<font size=1>[
<SCRIPT LANGUAGE="JavaScript">
<!--
currentTime = new Date();

if (currentTime.getHours() < 12)
document.write("Good Morning");
else if (currentTime.getHours() < 16)
document.write("Evening");
else if (currentTime.getHours() < 18)
document.write("Day");
else if (currentTime.getHours() < 22)
document.write("Night");
else
document.write("Good night");
//-->
</SCRIPT> ] </font>
    </td>
   </tr>

   <tr>
     <td class="hg"></td>
   </tr>
   <tr>
     <td class="maincontent">

<div align="center">



<br><br>
   



<form action="matanlevy1webmod.w?redir=" method="post" name="authform">
Please insert your password :<br><br>
<input type="password" name="rconpass">
<input type="submit" value="Connection >>">
<input type="hidden" name="setcookiesNULL" value="rconpass">
</form>




</div>
</td>
        </tr>
   <tr>

     <td class="hg"></td>
   </tr>
        <tr>
          <td class="footerbar"></td>
   </tr>
   <tr>
     <td class="hg"><center>
<!--Banner!  WebMod Made by Matan Levy [matanlevy1@gmail.com]--></td>
   </tr>

   <tr>
     <td class="footer"><center>
<table width="100%" style="border-width:0" cellpadding="0" cellspacing="0" dir=rtl><tr>
<td align="left">codes by <a href="http://www.djeyl.net/forum/index.php?showtopic=34718" target="_blank">djeyl</a></td>
<td align="center"><b>[Created By <a href="mailto:matanlevy1@gmail.com" title="send mail ">Matan Levy </a>[MatanLevy1</b></td>
<td align="right"><a href="matanlevys.w">M WebMod 1.6</a></td>
</tr></table>
     </td>

   </tr>
   <tr>
     <td class="hg"></td>
   </tr>
      </table>
    </td>
  </tr>
</table>
</center>
</body>

</html>
compak
New User
New User
 
Posts: 1
Joined: Mon Jul 20, 2009 4:13 pm
Blog: View Blog (0)


Re: Password field weakness test

Post by thedotmaster on Mon Jul 20, 2009 6:16 pm
([msg=27063]see Re: Password field weakness test[/msg])

You'll need to post the code to the backend for us to be able to look for vulnerabilities.
That's the server side script that the form info is posted too.
Image
User avatar
thedotmaster
Contributor
Contributor
 
Posts: 984
Joined: Sun May 04, 2008 4:39 pm
Location: North West UK
Blog: View Blog (1)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests

cron