Results 1 to 8 of 8

Thread: How to find URL parameters for direct login?

  1. #1
    Senior Member
    Join Date
    Jul 2008
    Posts
    153

    How to find URL parameters for direct login?

    Hello,
    I wanna know the direct URL for signing in to a website like http://www.mmm.com/default.aspx?id=a...ate=vhsireuhfv
    But I don't know how to find it!!! I have tried some varieties but not useful.

    The source code contains:

    1- <input type="hidden" name="__VIEWSTATE" value="dDwzNTU2MjMyMTU7dDw7b..."

    2- <input name="MemberSignin1:tbNickname" type="text" maxlength="255" size="20" id="MemberSignin1_tbNickname"

    3- <input name="MemberSignin1:tbPassword" type="password" maxlength="20" size="20" id="MemberSignin1_tbPassword"

    In frontpage you should enter "Nickname" and "Password".
    The site has two versions with http and https. I prefer to know the direct login URL for https one, if possible. Please help me or give me some keywords for googling.
    Thanks

  2. #2
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Greetings.

    I have moved this thread into a more fitting area

    And 2nd, can you just post the url? to the actual site..

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey,

    You simply need to craft your query properly.

    1) Is the form method POST or GET? This will change how the query is crafted. Your example makes use of a GET (no body, simply URL parameters).

    2) Is the action a URL or javascript? Is there an action? Does the login button have javascript for onClick that overrides the action?

    Then you simply need to format your query properly... Since POST would be the proper approach for a login, let's assume that's used. Using "Nickname" and "Password" as the actual values, and assuming the action page is "/default.aspx", you'd compose a request that looks something like this
    Code:
    POST /default.aspx HTTP/1.1
    HOST: example.com
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 105
    
    __VIEWSTATE=dDwzNTU2MjMyMTU7dDw7b&MemberSignin1%3AtbNickname=Nickname&MemberSignin1%3AtbPassword=Password
    I'm assuming my count wasn't off on Content-Length... it's a count of the body characters... Note that the : was replaced with %3A.

  4. #4
    Senior Member
    Join Date
    Jul 2008
    Posts
    153
    Thanks for moving this post to related section.
    The site is a social network.

    Edited by t34b4g5 Reason:>

    **NSFW THE LINKED SITES MAY CONTAIN ADULT CONTENT OR CONTENT THAT MAY OFFEND CLICK WITH CAUTION**
    https://www.secretmj.com
    http://www.manjam.com
    **********************

    I think it uses POST method.
    The ACTION is a URL but the site itself uses javascript for some other purposes.

    "Does the login button have javascript for onClick that overrides the action?"
    Well this this question needs more knowledge than my present amount!!!!!

    I have tried wireshark but I didn't find the answer of my question. Please give me more in-depth solution for similar future problems. And thanks for your help.
    I used your proposed URL my friend but I encountered to this page:
    /////////////////////////////////////////////////////////
    The page you requested has expired...

    The page you requested has expired because your browser is trying to
    access a cached or out-of-date version of this webpage.

    Click here to return to the homepage ยป

    How to fix your browser's settings...

    If you are reading this message your browser may not be configured correctly.
    Please make sure that your browser is set to Automatically cache webpages.

    To fix this problem, please follow the instructions below:

    Internet Explorer 6

    1. Open Internet Explorer 6.

    2. Go to the Tools menu and select Internet Options.

    3. Select the General tab.

    4. Under Temporary Internet Options, select Settings.

    5. Under Check for newer versions of stored pages, click Automatically, then click OK.

    6. In the same Internet Options panel, select the Privacy tab at the top of the panel.

    7. Click the Default button.

    8. Select Apply and then OK.

    Internet Explorer 7

    1. Open Internet Explorer 7.

    2. Click the Tools button and select Internet Options.

    3. Select the General tab.

    4. Under Browsing History, select Settings.

    5. Under Check for newer versions of stored pages, click Automatically, then click OK.

    6. In the same Internet Options panel, select the Privacy tab at the top of the panel.

    7. Click the Default button.

    8. Select Apply and then OK.

    Other Browsers

    1. Please see your browsers help for instructions on how to Automatically cache website pages.

    2. If you browser does not provide any help, please contact support.
    Last edited by t34b4g5; March 11th, 2009 at 11:44 AM.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    http://www.robtex.com/ip/174.132.34.55.html
    http://www.robtex.com/dns/aps1w3.hubjet.com.html

    secretmj.com?

    The site you are trying to view is currently offline due to essential maintenance.
    This site is in the process of being upgraded and configured.
    The site will be back online shortly.
    Might that be your answer?
    Last edited by nihil; March 11th, 2009 at 11:24 AM.

  6. #6
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    I was greeted with a suprise when i clicked the 2nd url. So i've added a warning message to your post BoyBoy.

  7. #7
    Senior Member
    Join Date
    Jul 2008
    Posts
    153
    Thanks nihil. Apparently in the moment you wanted to visit this site, it had
    been down!!!!!!!! It works. I have tried it with all of its partners. Please try it again. The frontpage is black with only two boxes for "Nickname" and "Password" (https://www.secretmj.com). Or you might use: www.manjam.eu if .com and or secretmj are down temporarily!
    What I want to know is something like what HTRegz suggested, but a working one like:
    ww.mmm.c0m/default.aspx?_VIEWSTATE=aaa&AtbNickname=bbb&MemberSignin1:AtbPassword=111

    I have tested some alternatives but without any result. I think when users submit their info by input boxes and pressing "Sign-in" button there must be a way for direct loging in via URL.

    I appreciate what you did t34b4g5. It was exactly the reason I didn't post the real URL in my first post. However even if you think it's better to delete the second URL completely, I'm OK with this decision.
    Last edited by boyboy400; March 11th, 2009 at 03:04 PM.

  8. #8
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    It's all good, just in the future if you are going to include questionable links just put up a nice big warning so that those of us that might be at work or someplace that may result in us getting fired etc
    will know not to click the link.

Similar Threads

  1. how to find xp login password *.pwl files
    By sandeshtrivedi in forum Newbie Security Questions
    Replies: 15
    Last Post: October 15th, 2005, 10:45 PM
  2. Tips
    By XTC46 in forum Site Feedback/Questions/Suggestions
    Replies: 15
    Last Post: August 24th, 2005, 07:52 PM
  3. Making the Win9x/ME login more secure(sort off)
    By el-half in forum The Security Tutorials Forum
    Replies: 7
    Last Post: September 10th, 2003, 09:54 PM
  4. Tutorial: IP Addresses: What are they and how do i find them
    By zxtech in forum AntiOnline's General Chit Chat
    Replies: 27
    Last Post: July 5th, 2002, 08:39 PM
  5. Batch File Tut
    By Badassatchu in forum Non-Security Archives
    Replies: 1
    Last Post: November 23rd, 2001, 11:13 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •