If you've ever used javascript you'd probably already know this stupid javascript trick but, I'm gonna post it for those that don't and maybe a couple less people will stop leaving their password saved....
Okay off the bat common sense says that you should be cautious about clicking the checkbox that says remember my password but, this is another.
 |
| A login page in firefox with firebug enabled. |
in such a case all I would need to do to get the value of the password field would be to do the following...
- View the source code of the page Locate the text box in code probably has a name or id with something like password or use firebug and right click inspect to get it for you. In any case it would look something like this.
<input type='password' name='pwd' id='pwd' /> - Clear your url address at the top of your browser and type this in
javascript:alert(document.getElementById("pwd").value); - At this point you should be seeing the password in the hidden field. "somepassword"
- ???
(actually hang around a place with publicly available pc's and wait for the unsuspecting computer illiterate person to leave their pc and follow steps 1-3 and do what you will with the account. What you do after that is your business...) - Profit.
I am not endorsing this. Just throwing it out there because it annoys the crap out of me when I see people do this. Oh and ...
No comments:
Post a Comment