Now Place:2uzhan.com » [RESOLVED] Dodgy JS Passwording.

[RESOLVED] Dodgy JS Passwording.

PHP @ December 1, 2007   Views:0

I have been asked to take a look at a project, It's got a javascript based login for a client.

Basically it seems they enter there id which has the form of "username/index", so username with '/index' at the end. the javascript then adds .html to the end and checks if the directory exists. If it does, it sends them there, if not, it docent.

What I want to know is, can you possibly get the folder structure of a website?

This doesn't have to be the most secure thing but i wouldn't want it to be too easy.

Again, I didn't write this, its just something Ive came along to mod.


You need a serverside language to check anything on a server. If the server is running a Windows server OS, you could try the MS adaptation of javascript called Jscript, but most current security settings prevent it.

© 2018 2uzhan.com Contact