hack antispam code (if numbers are not changed)
New Member
Sonic
Posts: 82
where: anti-spam-registration code and guestbook 3.6

what: users / scripts can count back the antispam code and can enter the right security code

exploit: right click on a security image you should see --> e.g. http://aspire/register.asp?code=image&rc=12343321851&p=1

- we now need the number marked in red
- and the count variable (in the antispam code)
RandCode = (strRCCode + 17456) / 50000

==> now count:
12343321851 + 17456 / 50000 = you get the image code
bugfix: to prevent this change the numbers to some other e.g.
from -> RandomizedCode = NumbersToShow * 50000 - 17456 to => RandomizedCode = NumbersToShow * 47900 - 15249
and:

from -> RandCode = (strRCCode + 17456) / 50000 to => RandCode = (strRCCode + 15249) / 47900
Don't use the numbers here, it is just a sample; use other numbers... I don't know of a page where this has happened, but the way is there... so it is better to change everything to make it hard to hack something.
Junior Member
Nertz
Posts: 341
Actually, if you submit this URL with register.asp?code=image&rc=12343321851&p=1, it will redirect to the first digit image, which is usually in the form of n.gif. The file name actually gives away the digit in the code. Increasing the number for p will eventually get you all the digits, irregardless of what formula you used. There should be a way to prevent register.asp from showing the digits if the page was not called from a form submit.
cheers,
Nat
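Added example (not part of the thread and not the forum software's own code): a Python sketch that sets the formula-based `rc` value discussed above beside a design where the URL carries only a random token and the code stays on the server, single-use, with an expiry and an attempt limit. The function and class names, the 300-second lifetime and the three-attempt limit are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Scheme from the thread: the URL value is a fixed formula applied to the code.
def weak_rc(code, mul=50000, sub=17456):
    return code * mul - sub

def weak_decode(rc, mul=50000, sub=17456):
    # Same arithmetic the page runs on rc; new constants do not change its shape.
    return (rc + sub) // mul

class CaptchaStore:
    """Hardened sketch: the code never leaves the server, the URL holds a random token."""

    def __init__(self, ttl=300, max_tries=3):
        self._items = {}  # token -> [code, expiry, tries_left]
        self.ttl, self.max_tries = ttl, max_tries

    def issue(self, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)          # unrelated to the code
        code = f"{secrets.randbelow(10**6):06d}"   # constructed 6-digit code
        self._items[token] = [code, now + self.ttl, self.max_tries]
        return token

    def code_for_rendering(self, token):
        # Server-side only: draw one composite image from this value and stream
        # the bytes; never redirect to a per-digit file such as n.gif.
        item = self._items.get(token)
        return item[0] if item else None

    def verify(self, token, answer, now=None):
        now = time.time() if now is None else now
        item = self._items.get(token)
        if item is None or now > item[1]:
            self._items.pop(token, None)           # unknown or expired
            return False
        ok = hmac.compare_digest(item[0].encode(), answer.encode())
        item[2] -= 1
        if ok or item[2] <= 0:
            del self._items[token]                 # single use / attempts exhausted
        return ok
```

With the store, nothing in the image URL is a function of the code, so both the formula issue and the file-name issue raised in the thread stop applying.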