-
March 9th, 2009, 03:48 PM
#1
How to find URL parameters for direct login?
Hello,
I wanna know the direct URL for signing in to a website like http://www.mmm.com/default.aspx?id=a...ate=vhsireuhfv
But I don't know how to find it!!! I have tried some varieties but not useful.
The source code contains:
1- <input type="hidden" name="__VIEWSTATE" value="dDwzNTU2MjMyMTU7dDw7b..."
2- <input name="MemberSignin1:tbNickname" type="text" maxlength="255" size="20" id="MemberSignin1_tbNickname"
3- <input name="MemberSignin1:tbPassword" type="password" maxlength="20" size="20" id="MemberSignin1_tbPassword"
In frontpage you should enter "Nickname" and "Password".
The site has two versions with http and https. I prefer to know the direct login URL for https one, if possible. Please help me or give me some keywords for googling.
Thanks
-
March 9th, 2009, 11:26 PM
#2
Greetings.
I have moved this thread into a more fitting area
And 2nd, can you just post the url? to the actual site..
-
March 10th, 2009, 07:47 AM
#3
Hey,
You simply need to craft your query properly.
1) Is the form method POST or GET? This will change how the query is crafted. Your example makes use of a GET (no body, simply URL parameters).
2) Is the action a URL or javascript? Is there an action? Does the login button have javascript for onClick that overrides the action?
Then you simply need to format your query properly... Since POST would be the proper approach for a login, let's assume that's used. Using "Nickname" and "Password" as the actual values, and assuming the action page is "/default.aspx", you'd compose a request that looks something like this
Code:
POST /default.aspx HTTP/1.1
HOST: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 105
__VIEWSTATE=dDwzNTU2MjMyMTU7dDw7b&MemberSignin1%3AtbNickname=Nickname&MemberSignin1%3AtbPassword=Password
I'm assuming my count wasn't off on Content-Length... it's a count of the body characters... Note that the : was replaced with %3A.
-
March 10th, 2009, 07:12 PM
#4
Thanks for moving this post to related section.
The site is a social network.
Edited by t34b4g5 Reason:>
**NSFW THE LINKED SITES MAY CONTAIN ADULT CONTENT OR CONTENT THAT MAY OFFEND CLICK WITH CAUTION**
https://www.secretmj.com
http://www.manjam.com
**********************
I think it uses POST method.
The ACTION is a URL but the site itself uses javascript for some other purposes.
"Does the login button have javascript for onClick that overrides the action?"
Well this this question needs more knowledge than my present amount!!!!!
I have tried wireshark but I didn't find the answer of my question. Please give me more in-depth solution for similar future problems. And thanks for your help.
I used your proposed URL my friend but I encountered to this page:
/////////////////////////////////////////////////////////
The page you requested has expired...
The page you requested has expired because your browser is trying to
access a cached or out-of-date version of this webpage.
Click here to return to the homepage ยป
How to fix your browser's settings...
If you are reading this message your browser may not be configured correctly.
Please make sure that your browser is set to Automatically cache webpages.
To fix this problem, please follow the instructions below:
Internet Explorer 6
1. Open Internet Explorer 6.
2. Go to the Tools menu and select Internet Options.
3. Select the General tab.
4. Under Temporary Internet Options, select Settings.
5. Under Check for newer versions of stored pages, click Automatically, then click OK.
6. In the same Internet Options panel, select the Privacy tab at the top of the panel.
7. Click the Default button.
8. Select Apply and then OK.
Internet Explorer 7
1. Open Internet Explorer 7.
2. Click the Tools button and select Internet Options.
3. Select the General tab.
4. Under Browsing History, select Settings.
5. Under Check for newer versions of stored pages, click Automatically, then click OK.
6. In the same Internet Options panel, select the Privacy tab at the top of the panel.
7. Click the Default button.
8. Select Apply and then OK.
Other Browsers
1. Please see your browsers help for instructions on how to Automatically cache website pages.
2. If you browser does not provide any help, please contact support.
Last edited by t34b4g5; March 11th, 2009 at 11:44 AM.
-
March 11th, 2009, 11:09 AM
#5
http://www.robtex.com/ip/174.132.34.55.html
http://www.robtex.com/dns/aps1w3.hubjet.com.html
secretmj.com?
The site you are trying to view is currently offline due to essential maintenance.
This site is in the process of being upgraded and configured.
The site will be back online shortly.
Might that be your answer?
Last edited by nihil; March 11th, 2009 at 11:24 AM.
-
March 11th, 2009, 11:45 AM
#6
I was greeted with a suprise when i clicked the 2nd url. So i've added a warning message to your post BoyBoy.
-
March 11th, 2009, 11:55 AM
#7
Thanks nihil. Apparently in the moment you wanted to visit this site, it had
been down!!!!!!!! It works. I have tried it with all of its partners. Please try it again. The frontpage is black with only two boxes for "Nickname" and "Password" (https://www.secretmj.com). Or you might use: www.manjam.eu if .com and or secretmj are down temporarily!
What I want to know is something like what HTRegz suggested, but a working one like:
ww.mmm.c0m/default.aspx?_VIEWSTATE=aaa&AtbNickname=bbb&MemberSignin1:AtbPassword=111
I have tested some alternatives but without any result. I think when users submit their info by input boxes and pressing "Sign-in" button there must be a way for direct loging in via URL.
I appreciate what you did t34b4g5. It was exactly the reason I didn't post the real URL in my first post. However even if you think it's better to delete the second URL completely, I'm OK with this decision.
Last edited by boyboy400; March 11th, 2009 at 03:04 PM.
-
March 11th, 2009, 02:23 PM
#8
It's all good, just in the future if you are going to include questionable links just put up a nice big warning so that those of us that might be at work or someplace that may result in us getting fired etc
will know not to click the link.
Similar Threads
-
By sandeshtrivedi in forum Newbie Security Questions
Replies: 15
Last Post: October 15th, 2005, 10:45 PM
-
By XTC46 in forum Site Feedback/Questions/Suggestions
Replies: 15
Last Post: August 24th, 2005, 07:52 PM
-
By el-half in forum The Security Tutorials Forum
Replies: 7
Last Post: September 10th, 2003, 09:54 PM
-
By zxtech in forum AntiOnline's General Chit Chat
Replies: 27
Last Post: July 5th, 2002, 08:39 PM
-
By Badassatchu in forum Non-Security Archives
Replies: 1
Last Post: November 23rd, 2001, 11:13 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|