TOPIC REVIEW
Sonic
Posted - 03 December 2005 : 05:04:19
where: anti-spam-registration code and guestbook 3.6
what: users / scripts can count back the antispam code and can enter the right security code
- we now need the number marked in red - and the count variable (in the antispam code) RandCode = (strRCCode + 17456) / 50000
==> now count: 12343321851 + 17456 / 50000 = you get the image code
bugfix: to prevent this, change the numbers to some others, e.g.
from -> RandomizedCode = NumbersToShow * 50000 - 17456 to => RandomizedCode = NumbersToShow * 47900 - 15249
and:
from -> RandCode = (strRCCode + 17456) / 50000 to => RandCode = (strRCCode + 15249) / 47900
Don't use the numbers here; it is just a sample, use other numbers... I don't know of a page where it has happened, but the way is there... so it is better to change everything to make it hard to hack something.
1 LATEST REPLIES (Newest First)
Nertz
Posted - 03 December 2005 : 17:26:53
Actually if you submit this URL with register.asp?code=image&rc=12343321851&p=1, it will redirect to the first digit image, which is usually in the form of n.gif. The file name actually gives away the digit in the code. Increasing the number for p will eventually get you all the digits, irregardless of what formula you used. There should be a way to prevent register.asp from showing the digits if the page was not called from a form submit.
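
Added example, not part of either post and not the forum software's own code: a Python sketch of the two points raised above. It puts the reversible `rc` arithmetic from the first post beside a design where the URL carries only a random token and the code stays on the server. `ChallengeStore`, its methods, the 6-digit length and the 3-attempt limit are hypothetical choices made for illustration.

```python
import hmac
import secrets

# Constants exactly as posted in the thread (the scheme being replaced).
MULT, OFFSET = 50000, 17456

def weak_rc(code: int) -> int:
    """URL value as the thread describes it: a fixed arithmetic map of the code."""
    return code * MULT - OFFSET

def weak_recover(rc: int) -> int:
    """The inverse from the thread; it needs only the constants in the source."""
    return (rc + OFFSET) // MULT

class ChallengeStore:
    """Hypothetical server-side store: the client sees a token, never the code."""

    def __init__(self, digits: int = 6, max_attempts: int = 3):
        self._digits = digits
        self._max_attempts = max_attempts
        self._pending = {}  # token -> [code, attempts_left]

    def issue(self) -> str:
        """Create a challenge and return the opaque token to embed in the form."""
        token = secrets.token_urlsafe(16)
        code = "".join(secrets.choice("0123456789") for _ in range(self._digits))
        self._pending[token] = [code, self._max_attempts]
        return token

    def code_for_render(self, token: str):
        """For the server-side image renderer only; never echoed in a URL."""
        entry = self._pending.get(token)
        return entry[0] if entry else None

    def verify(self, token: str, answer: str) -> bool:
        """Check an answer; a token dies on success or when attempts run out."""
        entry = self._pending.get(token)
        if entry is None:
            return False
        code, left = entry
        ok = hmac.compare_digest(code.encode(), answer.encode())
        if ok or left <= 1:
            del self._pending[token]
        else:
            entry[1] = left - 1
        return ok
```

Because the token is unrelated to the code, swapping constants is no longer the defence, and an image endpoint that renders the whole code as one picture from `code_for_render` has no per-digit file name to leak.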