- In the extension bar, click the AdBlock Plus icon
- Click the large blue toggle for this website
- Click refresh
- In the extension bar, click the AdBlock icon
- Under "Pause on this site" click "Always"
- In the extension bar, click on the Adguard icon
- Click on the large green toggle for this website
- In the extension bar, click on the Ad Remover icon
- Click "Disable on This Website"
- In the extension bar, click on the orange lion icon
- Click the toggle on the top right, shifting from "Up" to "Down"
- In the extension bar, click on the Ghostery icon
- Click the "Anti-Tracking" shield so it says "Off"
- Click the "Ad-Blocking" stop sign so it says "Off"
- Refresh the page
- In the extension bar, click on the uBlock Origin icon
- Click on the big, blue power button
- Refresh the page
- In the extension bar, click on the uBlock icon
- Click on the big, blue power button
- Refresh the page
- In the extension bar, click on the UltraBlock icon
- Check the "Disable UltraBlock" checkbox
- Please disable your Ad Blocker
- Disable any DNS blocking tools such as AdGuardDNS or NextDNS
- Disable any privacy or tracking protection extensions such as Firefox Enhanced Tracking Protection or DuckDuckGo Privacy.
If the prompt is still appearing, please disable any tools or services you are using that block internet ads (e.g. DNS Servers, tracking protection or privacy extensions).
Question
darkhooda
NOTE: THIS IS A REPLICA OF THE SAME POST IN INTERNET, NETWORKING & SECURITY FORUM. NOT SURE IF IT APPLIES TO THIS FORUM, SO POSTING IT ANYWAYS
I've done some researching on Dynamicdrive's password encryptor at Dynamicdrive's website on this password encryptor, and it seems like that Dynamicdrive's password protector is very simple. We'll test this password protector at my friend's site, http://ruey.i8.com/password.html.
As you see from a simple glance of the Source Code of the page, the dynamicdrive specifically commands that
if(usercode==*USERCODE*&&passcode==*PASSCODE*)
{
window.location=password+".htm"}
stating that the correct username/password combination would direct to the page with the name of the password, making the usercode obsolete. Also, you will notice that the passcode is a jumble of numbers multiplied together, with 97 as the alias for "A", and 122 for "Z", and for numbers: 48 for "0" and 57 for "9". To find the passcode, simply use a calculator to divide the passcode by every number from 97 to 122. In this case, the number is
16451021400.
After you get the six possible letters, use Andy's Anagram Solver in order to unscramble the letters into one word. You would get NOTES, and therefore the corresponding page would be http://ruey.i8.com/notes.html
This can pose a major security threat to sites such as GmailFree. Webmasters, do what Dynamic Drive recommends you: use CGI or other password protectors! (and you can figure out gmailfree's lotto number yourself, although the page is offline)
Link to comment
https://www.neowin.net/forum/topic/263163-insecure-dynamicdrive-passwords/Share on other sites
0 answers to this question
Recommended Posts