longtimeago
Posted November 20, 2009

So, I am sure and I agree that JavaScript can do wonders. At times wonders can have some negative effects too. Let me go ahead with a practical scenario.

Suppose that there is a login page where the user name is known and the password is unknown, and the login page does not have any CAPTCHA verification. That is, if the password is entered wrong several times, nothing happens. In such a login page, if the password is gonna be only dates of birth, e.g. 01021990 (dd-mm-yyyy), then will JavaScript break into the authentication step? The form method="post". Here, can there be a script written in Java which, when it is inserted in the URL bar of the login page, will try all entries from 01011988 to 31121995 (dd-mm-yy) in the password field and will keep on trying to deploy a brute force attack on the login page till it's logged in? Can a JavaScript be written so?

Here is the sample code of the login page:

    <input name="appUser.userId" id="appUser.userId" size="20" class="textbox" type="text"> </td>
    </tr>
    <tr>
    </tr>
    <tr>
    <td align="left" height="19" valign="middle"><span class="logintext">Password</span></td>
    <td align="left" height="19" valign="middle"><input name="appUser.passwd" size="20" class="textbox" type="password"> </td>

If there can be a JavaScript like that, please let me know and explain the script also to me, so that I need to ensure certain attacks can be made and I need to prove that, so that in a particular application big changes have to be made for security reasons.

afoongwl215
Posted February 27, 2010 (edited)

> So, I am sure and I agree that JavaScript can do wonders. At times wonders can have some negative effects too. Let me go ahead with a practical scenario.
>
> Suppose that there is a login page where the user name is known and the password is unknown, and the login page does not have any CAPTCHA verification. That is, if the password is entered wrong several times, nothing happens. In such a login page, if the password is gonna be only dates of birth, e.g. 01021990 (dd-mm-yyyy), then will JavaScript break into the authentication step? The form method="post". Here, can there be a script written in Java which, when it is inserted in the URL bar of the login page, will try all entries from 01011988 to 31121995 (dd-mm-yy) in the password field and will keep on trying to deploy a brute force attack on the login page till it's logged in? Can a JavaScript be written so?
>
> Here is the sample code of the login page:

    var password = 01011988;
    for (i = 0; i < 100; i++) {
        password++; // increment date
        curl -d "appUser.userId=tom&appUser.passwd=$password" http://example.com/login.php
        // check return result
    }

Edited December 17, 2016 by OpaQue
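
From the defender's side, an added example that is not code from either post: it counts how many passwords the 01011988 to 31121995 scheme allows, rejects date-shaped passwords when they are set, and applies the per-account lockout that the login page described above lacks. The function names, the five-failure threshold and the one-minute base lock are assumptions chosen for illustration.

```javascript
// Added example, not from the thread; names and thresholds are assumptions.
// Size of the password space when every password is a ddmmyyyy date.
function dobKeyspace(firstYear, lastYear) {
  const msPerDay = 24 * 60 * 60 * 1000;
  return (Date.UTC(lastYear + 1, 0, 1) - Date.UTC(firstYear, 0, 1)) / msPerDay;
}

// Password-policy check: true when the candidate is a valid ddmmyyyy date.
function isDateShaped(password) {
  const m = /^(\d{2})(\d{2})(\d{4})$/.exec(password);
  if (!m) return false;
  const [d, mo, y] = [Number(m[1]), Number(m[2]), Number(m[3])];
  const dt = new Date(Date.UTC(y, mo - 1, d));
  return dt.getUTCFullYear() === y && dt.getUTCMonth() === mo - 1 && dt.getUTCDate() === d;
}

// Per-account throttle: once maxFailures consecutive failures are reached the
// account is locked, and every further failure doubles the lock time.
class LoginThrottle {
  constructor(maxFailures = 5, baseLockMs = 60000) {
    this.maxFailures = maxFailures;
    this.baseLockMs = baseLockMs;
    this.state = new Map(); // userId -> { failures, lockedUntil }
  }
  isAllowed(userId, now) {
    const s = this.state.get(userId);
    return !s || now >= s.lockedUntil;
  }
  recordFailure(userId, now) {
    const s = this.state.get(userId) || { failures: 0, lockedUntil: 0 };
    s.failures += 1;
    const over = s.failures - this.maxFailures;
    if (over >= 0) s.lockedUntil = now + this.baseLockMs * 2 ** Math.min(over, 10);
    this.state.set(userId, s);
  }
  recordSuccess(userId) { this.state.delete(userId); }
}

// Constructed scenario: wrong passwords arrive for one account once per second.
// Returns how many of them get as far as the password comparison.
function attemptsReachingCheck(throttle, userId, tries) {
  let checked = 0;
  for (let i = 0; i < tries; i++) {
    const now = i * 1000; // simulated clock in milliseconds
    if (!throttle.isAllowed(userId, now)) continue; // refused while locked
    checked += 1;
    throttle.recordFailure(userId, now);
  }
  return checked;
}
```

Account lockout also lets anyone who knows a user name lock that user out, so it is usually paired with per-source rate limits or a CAPTCHA rather than used alone.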