ECollege Hacking

ECollege Hacking, by Marcial White. Introduction: client side vs. server side, Javascript, POST vs. GET. How to retake tests: using simple URL manipulation …. That’s pretty much it. Examine the source code, rebuild the URL with the pertinent variables, hit enter.


Presentation Transcript


  1. ECollege Hacking Marcial White

  2. Introduction
     • Client Side vs. Server Side
     • Javascript
     • POST vs. GET

  3. How to retake tests
     • Using simple URL manipulation …. That’s pretty much it.
     • Examine the source code
     • Rebuild the URL with the pertinent variables
     • Hit enter

  4. Look for this chunk of Javascript

     ```
     <!--
     function BeginExam() {
         var url = '';
         var url2 = '';
         // The only password check is this client-side "not empty" test.
         if (document.ExamPost.ExamPassword.value == "") {
             alert("Please enter a password.");
             return false;
         }
         url2 = '&ExamPassword=' + document.ExamPost.ExamPassword.value;
         // The exam URL is assembled in the browser from hardcoded IDs.
         url += '/ec/exm2/StudentBeginExam.learn';
         url += '?CourseID=2169391';
         //url += '&BeginExam=1';
         url += '&ExamPKID=1370799';
         url += '&UnitNumber=10';
         url += '&CoID=48';
         url += url2;
         top.Content.location = url;
     }
     //-->
     ```

  5. And you get….

  6. THESE guys ….

  7. Spoofing your name in posts …
     • Javascript is client side
     • Easily manipulable, if you have webspace to use …
     • Copy the source of the page
     • Change the hardcoded names
     • Comment out the verification function at the top
     • Upload
     • Run
     • Don’t forget: relative vs. absolute paths

  8. The Validation Function …

     ```
     function validate(f) {
         if (submitted) {
             return false;
         }
         // if (f.message.value=="") {   ttrack 13518
         if (CRTrim(f.message.value)=="") {   //ttrack 13518
             alert('Please add text for this thread.');
             f.message.focus();
             return false;
         }
         submitted = true;
         //11/21/00 bugtar 991
         if (f.FILE.value!="") {
             document.StatusUser.submit();
         }
         //11/21/00 end
         return true;
     }
     ```

  9. The hardcoded name …

     ```
     <tr class="tr-content-light">
       <td class="td-content-dark" align="right"><strong>First Name :</strong></td>
       <td class="td-content-dark">Marcial<input type="hidden" name="firstname" value="Marcial"></td>
     </tr>
     <tr class="tr-content-light">
       <td class="td-content-dark" align="right"><strong>Last Name :</strong></td>
       <td class="td-content-dark">White<input type="hidden" name="lastname" value="White"></td>
     </tr>
     ```

  10. The outcome …

  11. Problems …
     • Password protected tests
     • Hum …. I guess that’s it.

  12. Disclaimer …
     • White hat vs. Black hat
     • I do this so it will get fixed
     • Pretty cool eh?
     • Questions?
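
Both tricks in the slides depend on the server trusting values the browser sends: the exam URL's query string, the hidden `firstname`/`lastname` fields, and the client-side `validate()` check. The sketch below is an added example, not eCollege code or part of the presentation: hypothetical server-side handlers in JavaScript, using constructed in-memory data and an assumed one-attempt limit, that take identity and exam eligibility from session state instead.

```javascript
// Added example, not eCollege code. All names here are hypothetical.
// Constructed in-memory state standing in for the application's database.
const users = new Map([["u1", { firstname: "Marcial", lastname: "White" }]]);
const exams = new Map([["1370799", { courseId: "2169391", maxAttempts: 1 }]]);
const enrolled = new Set(["u1:2169391"]); // "userId:courseId"
const attempts = new Map();               // "userId:examId" -> attempts used

// The query string only names the exam; whether this user may start it is
// decided from server-side state, so replaying the URL gains nothing.
function beginExam(session, query) {
  const userId = session ? session.userId : undefined;
  if (!users.has(userId)) return { status: 401, error: "not logged in" };
  const examId = String(query.ExamPKID);
  const exam = exams.get(examId);
  if (!exam || exam.courseId !== String(query.CourseID)) {
    return { status: 404, error: "no such exam" };
  }
  if (!enrolled.has(`${userId}:${exam.courseId}`)) {
    return { status: 403, error: "not enrolled" };
  }
  const key = `${userId}:${examId}`;
  const used = attempts.get(key) || 0;
  if (used >= exam.maxAttempts) {
    return { status: 403, error: "attempt limit reached" };
  }
  attempts.set(key, used + 1); // recorded before the exam is served
  return { status: 200, attempt: used + 1 };
}

// The author comes from the session. Submitted firstname/lastname fields are
// never read, and the empty-message check from validate() is repeated here.
function createPost(session, form) {
  const user = users.get(session ? session.userId : undefined);
  if (!user) return { status: 401, error: "not logged in" };
  const message = String(form.message || "").trim();
  if (message === "") return { status: 400, error: "empty message" };
  const author = `${user.firstname} ${user.lastname}`;
  return { status: 201, post: { author, message } };
}
```

With checks like these, the hidden form fields and the JavaScript on the page become display conveniences only; editing or removing them changes nothing the server decides.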
