Client side authentication in real world
#1
There are websites out there that for some reason use client side authentication, in other words login credentials for those sites are visible in source code.

So how can you find such websites?

You can use source code search engines.

These are ones that I know of:

meanpath.com
nerdydata.com
publicwww.com
globalogiq.com
[url=publicwww.com][/url]




Unlike regular search engines, those search engines crawl html, js and css of websites. At this moment there is no free plan that would allow you to see exact domains but rather censored version(as in domain.com would be d*****n.com or similar).

But what would be "dork" to find such websites?

Well think about it , if they are using client side authentication it's more likely that they copy/pasted script than wrote it by themselves. So you can find those websites by putting part of the javascript login script in search bar.


So I found that really easy way to do it is using javascriptkit.com since their login scripts have comments

They can be found here:http://www.javascriptkit.com/script/cutindex6.shtml

So example of search string:"/*This Script allows people to enter by using a form that asks for a
UserID and Password*/"

This will return all sites using script that can be found here: http://www.javascriptkit.com/script/cut76.shtml

I am sure creative attacker can find other uses for source code search engines like perhaps finding sites using vulnerable wordpress plugins identifiable only through html.

All in all I believe this is pretty useful recon technique that's not very well known, use it responsibly :)
Reply
#2
A more efficient search might be "function pasuser" since some people will remove comments from things. Also "password==" shows some decent hits too.

https://meanpath.com/f/Ov9KFP
https://meanpath.com/f/PLPT3w
Reply
#3
Yes indeed,like I said any part of script can be put in the searchbox , thanks for advice . I used comments only so I can be sure too avoid false positives
Reply
#4
Ladies and gentlemen the first cracker-friendly form Big Grin
You don't even have to worry about guessing password or bruteforce it. Triple facepalm
Btw thanks for the share
Reply
#5
Never knew about this Website thanks for the share
Reply
#6
Oh! It's funny what's happening here! Also the website you are all using is down so only nerdydata can be used (at least for now).
http://image.prntscr.com/image/d0fd38dd6...a66ce4.png
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [SSI] Server-Side Includes Injection. [Tutorial] Insider 4 2,387 03-27-2020, 04:55 PM
Last Post: Insider
  Is it possible to bypass two factor authentication? QMark 10 5,098 04-21-2019, 09:38 PM
Last Post: MuddyBucket
  Server Side Injection Issues QMark 1 4,165 09-23-2018, 04:15 PM
Last Post: Insider
  Crypto World (cryptoworld.is) XSS zeroday 4 4,959 12-27-2015, 02:23 AM
Last Post: MLT