neo_philiac
07-16-2006, 04:06 PM
1) Script Title: Encrypted Password
2) Script URL (on DD): Encrypted Password ::D
<script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive
//Visit http://www.dynamicdrive.com
function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
//CHANGE THE NUMBERS BELOW TO REFLECT YOUR USERNAME/PASSWORD
if(usercode==134603040&&passcode==126906300)
//CHANGE THE NUMBERS ABOVE TO REFLECT YOUR USERNAME/PASSWORD
{
window.location=password+".htm"}
else{
alert("password/username combination wrong")}
}
</script>
<form name="password1">
<strong>Enter username: </strong>
<input type="text" name="username2" size="15">
<br>
<strong>Enter password: </strong>
<input type="password" name="password2" size="15">
<input type="button" value="Submit" onClick="submitentry()">
</form>
3) Describe problem: If you wanted to bypass this method (as mentioned in the "Encrypted Password Generator" script) , how would you do it. I am challenging the integrity of this code in order to enhance my own security. Please post your methods for bypassing this trick of making the password unviewable by just looking at the source.
My method:
View the List all the files in the web folder to look at the page named after password.
[please post yours]
Thanks:D
2) Script URL (on DD): Encrypted Password ::D
<script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive
//Visit http://www.dynamicdrive.com
function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
//CHANGE THE NUMBERS BELOW TO REFLECT YOUR USERNAME/PASSWORD
if(usercode==134603040&&passcode==126906300)
//CHANGE THE NUMBERS ABOVE TO REFLECT YOUR USERNAME/PASSWORD
{
window.location=password+".htm"}
else{
alert("password/username combination wrong")}
}
</script>
<form name="password1">
<strong>Enter username: </strong>
<input type="text" name="username2" size="15">
<br>
<strong>Enter password: </strong>
<input type="password" name="password2" size="15">
<input type="button" value="Submit" onClick="submitentry()">
</form>
3) Describe problem: If you wanted to bypass this method (as mentioned in the "Encrypted Password Generator" script) , how would you do it. I am challenging the integrity of this code in order to enhance my own security. Please post your methods for bypassing this trick of making the password unviewable by just looking at the source.
My method:
View the List all the files in the web folder to look at the page named after password.
[please post yours]
Thanks:D