-
i need you to try and hack this!!!
ok, i made a password protected control panel thing for a client, and someone keeps getting in and changing things...
i have no friggin clue how, short of decompiling the swf, so i thought maybe you would know how...
if you could go here
http://www.seeminglyawake.net/profanehumor/main.html
and click on the client login, and try to hack it so you can update the news/shows area, then tell me how, so i can try to fix it.
i would owe you my life if you could help out (well maybe not my life, but i'd be very happy)
-
Griffhiggins 2.2
Is the password stored in the flash?
If so...it is simple to extract with a swf decompiler.
My advise? Let it check a db.
Clif
-
Slackware 9.0
You can't hide anything in Flash. PM me.
btw, I've got your password and I know how to use it!
-
F# A# oo
i got it.
you can open notepad and to a find for "password" and you will find it.
i suggest doing this sorta thing server side, or giving less obvious variable names.
-
Same here. Better get that addressed.
-
thanks for the help, i'm working on fixing it now...
-
Moderator
Last edited by enpstudios; 02-18-2003 at 12:42 PM.
-
so, to do it sever side or whatever, what do i have to do?
i thought i could load the password from a .txt file, but you could figure that out pretty easy too, right?
-
Griffhiggins 2.2
Yes...because you could easily just pull up the text file.
Use ASP/PHP with a db.
Clif
-
?
but you can't protect a text file can you? If this guy knows how to use SWF compiler then surely he would find out the address of the text file.
then all he needs to do is type the URL directly and the password is displayed.
With a database, you can password-protect it.
I could be wrong....Correct me if I am wrong.
-
don't need a db, just put the password in a php file
-
FK's Wave Pimp
Originally posted by JDO67
don't need a db, just put the password in a php file
use md5 too
-
okay... how do i put the password in a php file, and what is md5?
-
Phantom Flasher...
You don't need to use md5 but if you want it to be ultra secure, then use it.
php file should be something like: (I'm writing from memory here)
Code:
<?php
pass="thepassword"
?>
<html>Blah Blah No password for you!</html>
Have a look on hotscripts.com
-
thanks alot for the help
-
Phantom Flasher...
Make sure you test the php by viewing the source, when viewing it through a webbrowser online!
-
Slackware 9.0
I also suggest not posting a thread titled "i need you try and hack this" as some bored hacker might decide to destroy your server and say that you wanted him to.
-
hah, good point, hopefully that doesent happen
-
say no more
Hmmm,
There may be another way around it just using a text file. I've never tried this but I cant see why it wouldn't work. As long as you have access to folders outside of the root folder of your website, you can put the text file in there and just load any variables using the exact path to the text files. Something like:
loadVariablesNum("c://data/password.txt", 0);
or whatever.
Because it's outside your web root, there's no address that anyone can type to access it. I'm sure that would work provided you have access to a folder outside your web root and you know the exact path to it.
Someone's about to prove me wrong here - I can feel it.
-
hmm... thats an interesting idea... i'd like to hear wether or not that would be safe.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|