Client side authentication in real world
There are websites out there that for some reason use client side authentication, in other words login credentials for those sites are visible in source code.

So how can you find such websites?

You can use source code search engines.

These are ones that I know of:

Unlike regular search engines, those search engines crawl html, js and css of websites. At this moment there is no free plan that would allow you to see exact domains but rather censored version(as in would be d***** or similar).

But what would be "dork" to find such websites?

Well think about it , if they are using client side authentication it's more likely that they copy/pasted script than wrote it by themselves. So you can find those websites by putting part of the javascript login script in search bar.

So I found that really easy way to do it is using since their login scripts have comments

They can be found here:

So example of search string:"/*This Script allows people to enter by using a form that asks for a
UserID and Password*/"

This will return all sites using script that can be found here:

I am sure creative attacker can find other uses for source code search engines like perhaps finding sites using vulnerable wordpress plugins identifiable only through html.

All in all I believe this is pretty useful recon technique that's not very well known, use it responsibly :)
A more efficient search might be "function pasuser" since some people will remove comments from things. Also "password==" shows some decent hits too.
Yes indeed,like I said any part of script can be put in the searchbox , thanks for advice . I used comments only so I can be sure too avoid false positives
Ladies and gentlemen the first cracker-friendly form Big Grin
You don't even have to worry about guessing password or bruteforce it. Triple facepalm
Btw thanks for the share
Never knew about this Website thanks for the share
Oh! It's funny what's happening here! Also the website you are all using is down so only nerdydata can be used (at least for now).

Possibly Related Threads…
Thread Author Replies Views Last Post
  [SSI] Server-Side Includes Injection. [Tutorial] Insider 4 2,155 03-27-2020, 04:55 PM
Last Post: Insider
  Is it possible to bypass two factor authentication? QMark 10 4,773 04-21-2019, 09:38 PM
Last Post: MuddyBucket
  Server Side Injection Issues QMark 1 4,004 09-23-2018, 04:15 PM
Last Post: Insider
  Crypto World ( XSS zeroday 4 4,783 12-27-2015, 02:23 AM
Last Post: MLT