Jump to content
xisto Community
longtimeago

Java Script - Can It Be Used For Bruitforce Attack Security related

Recommended Posts

So, i am sure and i agree that java script can do wonders. At times wonders can have some negative effects too. Let me go ahead with a practical scenario. Suppose that there is a Login page where the user name is known and the password is unknown and the login page does not have any CAPTCHA verification, That is if the password is entered several times wrong too nothing happens. In such a login page if the password is gonna be only date of births, eg. 01021990 (dd-mm--yyyy) then will Java script break into the authentication step ? The form method="post" . Here can there be a script written in Java and when it is inserted in the URL bar of the login page, the script will try all entries from 01011988 to 31121995 ( dd-mm-yy) in the password field and will keep on trying to deploy a brute force attack on the login page till its logged in . Can a java script can be written so ??

Here is the sample code of the login page :

<input name="appUser.userId" id="appUser.userId" size="20" class="textbox" type="text"> 			   </td> 				  </tr> 				  <tr> 				   				  </tr> 				  <tr> 					<td align="left" height="19" valign="middle"><span class="logintext">Password</span></td> 					<td align="left" height="19" valign="middle"><input name="appUser.passwd" size="20" class="textbox" type="password">   </td>

If there can be a Java script like that please let me know and explain the script also to me so that i need to ensure certain attacks can be made and i need to prove that ..so that .. in a particular applications BiG changes have to made for security reasons .

Share this post


Link to post
Share on other sites

So, i am sure and i agree that java script can do wonders. At times wonders can have some negative effects too. Let me go ahead with a practical scenario. Suppose that there is a Login page where the user name is known and the password is unknown and the login page does not have any CAPTCHA verification, That is if the password is entered several times wrong too nothing happens. In such a login page if the password is gonna be only date of births, eg. 01021990 (dd-mm--yyyy) then will Java script break into the authentication step ? The form method="post" . Here can there be a script written in Java and when it is inserted in the URL bar of the login page, the script will try all entries from 01011988 to 31121995 ( dd-mm-yy) in the password field and will keep on trying to deploy a brute force attack on the login page till its logged in . Can a java script can be written so ??

 

Here is the sample code of the login page :

 

 

var password = 01011988 ;for (i=0;i<100;i++){password++; //increment datecurl -d "appUser.userId=tom&appUser.passwd=$password" 
http://example.com/login.php //check return result}

 

Edited by OpaQue (see edit history)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.