sirBAMF
Posted October 3, 2008

Can you manipulate a script using javascript injection the same way you alter a form? This is the code:

    <script language="JavaScript" type="text/JavaScript">
    <!--
    function MM_goToURL() {
      var i, args=MM_goToURL.arguments; document.MM_returnValue = false;
      for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
    }
    function init() {
      document.frm1.USERID_VC.focus();
    }
    window.onload = init;
    //-->
    </script>

Question 2: Can you change this to give you the password or gain access? I know the username.

Sparda
Posted October 3, 2008

> Can you manipulate a script using javascript injection the same way you alter a form? This is the code:
>
>     <script language="JavaScript" type="text/JavaScript">
>     <!--
>     function MM_goToURL() {
>       var i, args=MM_goToURL.arguments; document.MM_returnValue = false;
>       for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
>     }
>     function init() {
>       document.frm1.USERID_VC.focus();
>     }
>     window.onload = init;
>     //-->
>     </script>
>
> Question 2: Can you change this to give you the password or gain access? I know the username.

What password?

sirBAMF
Posted October 5, 2008

I did a little more digging and found this line.

    <input id="pass" class="AccounttxtBox" type="password" name="PASSWD_VC"/>

Is there a way to get to the "PASSWD_VC"?

digip
Posted October 5, 2008

That depends on what is going on server side. If it's hitting PHP and an SQL database, you would need to know what version of SQL they are running and then find an appropriate method/sploit to retrieve it from the database. More info on the target system and underlying scripts would be needed, like XML-http requests, Ajax, etc., but most things like this aren't impossible, just require the knowledge of how to break it if you know your target system.

If it's sending it as a GET request and you see the info in your URL after an attempt to login, you can at least see what it looks like when it's submitting the info. (Alternatively on some sites you could edit a form to change it from a POST to GET request and see what is going on to give you further details as to the format of the form's submitted info.)

The Javascript you posted looks like it is already in a GET method since it looks like it appends it to the URL of the site. Without seeing where this came from, I'm going to guess it's on a site using asp or aspx, like a Windows IIS server of some sort, so chances are they are using MSSQL somewhere and might be exploitable to some extent. If you see the info in the URL, you can try appending things to get it to spit out other data. Google for more help...

DingleBerries
Posted October 5, 2008

I told myself that I would never use Cain, but I broke down and downloaded it last night and it does a great job at sniffing POST passwords and what not. But a MITM attack should get you all the information that you need. What exactly is the situation, i.e. a residence, coffee shop, school? Then we might be able to give you a way to set up the attack.

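
For site owners reading the two replies above about GET versus POST and about sniffed logins: how a password field leaves the browser is decided by the form's `method` and the scheme of its `action`, not by the `MM_goToURL` helper. The audit below is an added example, not part of the original posts; the markup is constructed, and only the names `frm1`, `USERID_VC` and `PASSWD_VC` come from the thread (the host `school.example` and the function names are assumptions).

```javascript
// Constructed sample markup. Only the names frm1, USERID_VC and PASSWD_VC come
// from the thread; the host school.example, actions and methods are made up.
const FIELDS = '<input type="text" name="USERID_VC">' +
  '<input id="pass" class="AccounttxtBox" type="password" name="PASSWD_VC"/>';
const SAMPLE_PAGES = {
  getOverHttp: '<form name="frm1" method="get" action="http://school.example/login.asp">' + FIELDS + '</form>',
  defaultMethod: '<form name="frm1" action="https://school.example/login.asp">' + FIELDS + '</form>',
  postOverHttp: '<form name="frm1" method="POST" action="login.asp">' + FIELDS + '</form>',
  postOverHttps: '<form name="frm1" method="post" action="https://school.example/login.asp">' + FIELDS + '</form>',
};

// Read one quoted attribute value from a single tag's source text.
function attr(tag, name) {
  const m = new RegExp('\\s' + name + '\\s*=\\s*["\']([^"\']*)["\']', 'i').exec(tag);
  return m ? m[1] : null;
}

// For every form that contains a password input, report how it is transmitted.
function auditLoginForms(html, pageUrl) {
  const findings = [];
  for (const [form] of html.matchAll(/<form\b[^>]*>[\s\S]*?<\/form>/gi)) {
    const openTag = form.slice(0, form.indexOf('>') + 1);
    const inputs = form.match(/<input\b[^>]*>/gi) || [];
    const pw = inputs.filter(t => (attr(t, 'type') || '').toLowerCase() === 'password');
    if (pw.length === 0) continue;
    // A missing method attribute means GET: the password ends up in the URL,
    // and from there in browser history, proxy logs and server logs.
    const method = (attr(openTag, 'method') || 'get').toLowerCase();
    // A relative or empty action inherits the scheme of the page itself.
    const target = new URL(attr(openTag, 'action') || '', pageUrl);
    const issues = [];
    if (method !== 'post') issues.push('password-in-url');
    if (target.protocol !== 'https:') issues.push('cleartext-transport');
    findings.push({ form: attr(openTag, 'name'), fields: pw.map(t => attr(t, 'name')), method, issues });
  }
  return findings;
}

for (const [label, html] of Object.entries(SAMPLE_PAGES)) {
  console.log(label, JSON.stringify(auditLoginForms(html, 'http://school.example/account/')));
}
```

Only the POST-over-HTTPS form comes back with an empty `issues` list; POST on its own hides the password from the URL but not from anyone on the network path.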
sirBAMF
Posted October 5, 2008

It's a school using schoolwires.com. I know that if you can sign in to the site you can access the faweb.bishopmoore.org part. I tried using some standard SQL injections to no avail. The site is http://www.bishopmoore.org/bishopmoorechs/...count/login.asp. I am wondering if it is possible?