in reply to Re: User Editor Page and clear text passwords
in thread User Editor Page and clear text passwords

Considering that a lot of people use JS in their browswers...

1. Copy the cookie value of perlmonks.org to another cookie for mycustomserver.com
2. Post a cute link or something and have the victim visit it at SOME time, either via cb, a node or something.
3. On mycustomserver.com, have your home page capture the cookie and write it somewhere. Then its a matter of reusing that cookie.

As for passwords, I haven't played much with iframes, js and capturing form fields yet, but I wouldn't be surprised if something can't be concocted.

Just some thoughts on your comment. And what BUU is pointing out, is if someone does hack the server and gets all passwords, the site becomes useless, and everyone has to start over.


Play that funky music white boy..
  • Comment on Re: Re: User Editor Page and clear text passwords

Replies are listed 'Best First'.
Re: Re: Re: User Editor Page and clear text passwords
by Anonymous Monk on Feb 16, 2004 at 07:18 UTC
    JS don't mean much. JUST AVOID HOMENODES and you'll be fine.
[reply]

In Section Perl Monks Discussion