Home | hacker invade | crack analyzes | hacker course | Exploit | encryption decipher | network management | System crack | the virus to be related | invades the examination | firewall
You are here: hacking technology > crack analyzes > Content
Hot Articles
GE-Fanuc CIMPLICITY w32r
CA BrightStor ARCserve B
Apple iPhone Passcode Lo
Apple iPhone Passcode Lo
BitTorrent and uTorrent
FoosunCMS Sql Injection
KMail password encryptio
Rainbow awareness tool t
IE7 0Day crack analysis
Roams through three secu
Discuz! NT 2.5 pour into
Cracking the password pr
Ghost has the crack mirr
phpinfo cross station sc
Tomcat crack's analysis
Recommend Articles
Roams through three secu
FoosunCMS Sql Injection
In PHPCMS2.4 an interest
World browser local xss
Z-blog cross station scr
About XSS crack another
hzhost hypothesized main
php the escapeshellcmd m
Thunderclap ActiveX cont
360 security browser loc
The third party browser
The careful character re
Maxthon roams through br
Yahoo! Statistical funct
Using sohu website URL s
New Articles
The H?to half of all mal
Capital protects eyes cr
Agents of the secret net
fingerPIN launches multi
Tips to supply household
OCS Resolution Security
Spyware attacks tripled
Drink and drug driving c
Forgot your password?has
PKWARE PartnerLink membe
Masternaut provides live
Troj / Erazer-A Trojan i
Hacker of 21?Years old,
Free Firefox anti-phishi
Cyber-criminals are not
Using sohu website URL skipping crack deceit mailbox password
  Add date: 07/16/2008   Publishing date: 07/16/2008   Hits: 86
Total 3 pages, Current page:1, Jump to page:
 
the url skipping crack proliferates each big website, looks simply, THE9, sohu and so on have this crack unexpectedly! We take sohu are the examples, speaks this crack. Arrives at sohu the user registration page, may see that in the IE address fence, the default is writing http://passport.sohu.com/web/signup.jsp?appid=1000& ru= http://login.mail.sohu.com/reg/signup_success.jsp.

What in this string character “signup_success.jsp” is the page does? The sohu free registration, we try in any case. After originally registers successfully, skipped this page. If this address is other places? Now changes the address fence address, the replace is the IT168 security channel home page: http: //passport.sohu.com/web/signup.jsp? the appid=1000&ru= http://safe.it168.com/, then starts to register.

Finally jumped unexpectedly the IT168 security channel home page.

the sohu registration flow originally is this: Registration--Processing log-on message--Registers successfully--Skips to the successful page--Selects the page link to register automatically--After registering, skips mail.sohu.com.
But after skipping the page we may control, therefore the flow may change by us: Registration--Processing log-on message--Registers successfully--Skips to forge registers the page--The user input password spot registers--The submission password gives us--Finally skips mail.sohu.com.
Below after revision flow registration.
First prepares the tool, forge sohu registers the page (deceit to use), a ASP page (receive sends in password and preservation). Opens mail.sohu.com, duplicates a HTML source code according to the original design, to let the user be easier to be deceived, but also wants to register the mouth to inscribe “please do register” the inscription (process to see as follows).

Because sohu is registering the place used own has controlled, did not look that registered frame's code, the element which the operation registered has been troublesome, Microsoft has provided the Ietoolbar this IE plug-in unit fortunately, might see sohu registered controls a name, and so on registers controls a load to complete, might carry on to him operates.

From stressed in a package of data to be possible to see this to control to use AJAX, did not know that he triggered AJAX in the page the function is anything, possibly was onclick() also possibly is other, in wrote the code time must guarantee that let sohu register the code, in we submitted the password (to use for after our asp page to preserve password page) carried out. Regardless of his function is anything, we may intercept, use the JS function to kidnap the technology, is actually in the object-oriented language “the method recomposition” the technology.

a.html code (forge registers page):
........................
</body>
</html> (yizhi dao page finished label)
.....................Above is the mail.sohu.com page's code, .................
. We must add the code starts from, “ajaxurltmp” the value changes the asp document the address:

 
Other pages: : 1 * 2 * 3 * Next>>
Prev:Yahoo! Statistical function cross station script crack Next:phpinfo cross station script crack

Comment:

Category: Home > crack analyzes
Home