Sunday, September 9, 2007

Vulnerable Websites

If you have the html and javascript knowledge then you can access password protected websites. So you want to know how??

keep reading.....

1. Open the website you want to get in. Provide wrong username-password in its log in form.

(e.g : Username : me and Password: ' or 1=1 --)

An error will occur saying wrong username-password. Now be prepared

Your experiment starts from here...

2. Right click anywhere on that error page =>> go to view source.

3. There you can see the html codings with javascripts.

4. There you find somewhat like this....<_form action="..login....">

5. Before this login information copy the url of the site in which you are.

(e.g :"<_form..........action=>")

6. Then delete the javascript from the above that validates your information in the server.(Do this very carefully, ur success to get into the site depends upon this i.e how efficiently you delete the javascripts that validate ur account information)

7. Then take a close look for "<_input name="password" type="password">"[without quotes] -> replace "<_type=text> " there instead of "<_type=password>". See there if maxlength of password is less than 11 then increase it to 11 (e.g : if then write )

8. Just go to file => save as and save it any where in your hardisk with ext.html(e.g: c:\chan.html)

9. Reopen your target web page by double clicking 'chan.html' file that you saved in your

harddisk earlier.

10. U see that some changes in current page as compared to original One. Don't get worried.

11. Provide any username[e.g:sniker] and password[e.g:' or 1=1 --]

Congrats!!!!!! You have successfully cracked the above website and entered into the account of Ist user saved in the server's database.

*****[Please read "_form"="form" & "_type"="type" & "_input"="input" without quotes]

The above trick won't work on the websites using latest technique to protect there servers. Still you may find some websites to use this trick. Enjoy!!!!

WARNING: We post this trick just for your educational knowledge only. Don't misuse it other wise you will be in trouble. I take no responsibility of usage of the above trick]


Chan said...
This comment has been removed by the author.
Anonymous said...

Sir i still dont get the step 5, 6, 7.... :b

but still im trying to solve it.. >.<

but do i know that im already hacking
the site??

by the way.. thanks a lot for the knowledge.. more power to you..

Amit Rawat said...
This comment has been removed by a blog administrator.
Amit Rawat said...

but it'll work depending upon site saftey.