Using a sohu website URL redirect vulnerability to phish mailbox passwords (3)
  Add date: 07/16/2008   Publishing date: 07/16/2008   Hits: 86
Now let us walk through the flow. First, open the registration address “http://passport.sohu.com/web/signup.jsp?appid=1000&ru=http://safe.it168.com/a.html”, enter the user “kxlzxtest” with the password “testtest”, then submit.

Look at the IE address bar: we have already arrived at the forged registration page. Enter the password and register. The registration completes normally and we land in the mailbox.

Now check kxlzx.txt: it really does contain the stolen password! That is the entire forgery process; the user is deceived without noticing.

As ordinary web users, we should not readily trust a page link from anybody, even a friend (because he may also be a victim). Programmers, for their part, should take note: when designing a project, keep the user out of the control flow as far as possible, especially in sensitive places. Sohu's original intention for this part of the flow was presumably to cooperate with other programs: after the user registers, redirect directly. But because the source is not checked, and the link posted to the registration procedure is not checked for whether it is sohu's own page, the result is URL deception. This kind of vulnerability is widespread on major websites, for example The9 (Nine Cities), whose address is “https://passport.the9.com/login.php?redurl=http://safe.it168.com”, and so on. If someone exploits it, the consequences will be very serious.
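
The missing check described above, as an added example that is not part of the original article: a Python validator that accepts a `ru` value only when it points at the site's own domain. The function names, the allowlist and the fallback page are assumptions, and accepting every subdomain of `sohu.com` is a simplification that a real deployment might tighten to exact hosts.

```python
from urllib.parse import urlsplit

# Assumption: domains the operator trusts as post-registration targets.
ALLOWED_DOMAINS = {"sohu.com"}
# Assumption: where to send the user when `ru` is rejected.
DEFAULT_TARGET = "http://passport.sohu.com/"


def is_own_page(ru, allowed=ALLOWED_DOMAINS):
    """Return True only if `ru` is an absolute http(s) URL on an allowed domain."""
    # Backslashes, control characters and padding are parsed differently
    # by browsers and by server-side libraries, so refuse them outright.
    if not ru or ru != ru.strip() or any(c in ru for c in "\\\r\n\t"):
        return False
    try:
        parts = urlsplit(ru)
        host = parts.hostname
        parts.port  # accessing it raises ValueError on a malformed port
    except ValueError:
        return False
    # Only absolute http/https URLs: rejects javascript:, data: and //host.
    if parts.scheme not in ("http", "https") or not host:
        return False
    # Userinfo makes the visible prefix differ from the real host,
    # e.g. http://passport.sohu.com@other.example/
    if parts.username is not None or parts.password is not None:
        return False
    host = host.rstrip(".").lower()
    # Exact match or a true subdomain; a bare suffix test would also
    # accept notsohu.com, and a prefix test sohu.com.other.example.
    return any(host == d or host.endswith("." + d) for d in allowed)


def redirect_target(ru):
    """Pick the redirect destination, falling back to the site's own page."""
    return ru if is_own_page(ru) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample values, apart from the it168 URL used in the article.
    for candidate in ("http://mail.sohu.com/inbox",
                      "http://safe.it168.com/a.html",
                      "http://passport.sohu.com@safe.it168.com/",
                      "//safe.it168.com/a.html"):
        print(candidate, "->", redirect_target(candidate))
```
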

 