• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

  • 0
Sign in to follow this  

Insecure Dynamicdrive Passwords

Question

darkhooda    0

NOTE: THIS IS A REPLICA OF THE SAME POST IN INTERNET, NETWORKING & SECURITY FORUM. NOT SURE IF IT APPLIES TO THIS FORUM, SO POSTING IT ANYWAYS

I've done some researching on Dynamicdrive's password encryptor at Dynamicdrive's website on this password encryptor, and it seems like that Dynamicdrive's password protector is very simple. We'll test this password protector at my friend's site, http://ruey.i8.com/password.html.

As you see from a simple glance of the Source Code of the page, the dynamicdrive specifically commands that

if(usercode==*USERCODE*&&passcode==*PASSCODE*)

{

window.location=password+".htm"}

stating that the correct username/password combination would direct to the page with the name of the password, making the usercode obsolete. Also, you will notice that the passcode is a jumble of numbers multiplied together, with 97 as the alias for "A", and 122 for "Z", and for numbers: 48 for "0" and 57 for "9". To find the passcode, simply use a calculator to divide the passcode by every number from 97 to 122. In this case, the number is

16451021400.

After you get the six possible letters, use Andy's Anagram Solver in order to unscramble the letters into one word. You would get NOTES, and therefore the corresponding page would be http://ruey.i8.com/notes.html

This can pose a major security threat to sites such as GmailFree. Webmasters, do what Dynamic Drive recommends you: use CGI or other password protectors! (and you can figure out gmailfree's lotto number yourself, although the page is offline)

Share this post


Link to post
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.