19 February 1998
This is a pretty important reversing exercise, since most username/password
cgi-scripts use analogous systems. The angle of attack in such cases,
of course, is that most of the time you know (or can easily imagine) the usual
username and password couples (like fred and fred,
which is incredibly often used for obvious keyboard reasons :-)
Do I need to say more?
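Seen from the side of whoever maintains such a user list, the check described above can be run before the accounts go live. The sketch below is an added example, not code from this page or its script: it audits the four combinations published in the table on this page plus one constructed strong pair. The QWERTY adjacency rule and the extra entries in COMMON_PASSWORDS are assumptions.

```python
# Added example: audit a credential list for the guessable pairs described above.
QWERTY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
POS = {ch: (r, c) for r, row in enumerate(QWERTY_ROWS) for c, ch in enumerate(row)}

# Assumption: a short illustrative list; only "password" comes from the page's table.
COMMON_PASSWORDS = {"password", "secret", "letmein"}


def adjacent(a, b):
    """True if two letters are the same key or physical neighbours on QWERTY."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    if r1 == r2:
        return abs(c1 - c2) <= 1
    if abs(r1 - r2) != 1:
        return False
    # Rows are staggered: upper-row column i sits above lower-row columns i-1 and i.
    upper_c, lower_c = (c1, c2) if r1 < r2 else (c2, c1)
    return lower_c in (upper_c - 1, upper_c)


def is_keyboard_walk(word, min_len=4):
    """True if every consecutive pair of letters is adjacent on the keyboard."""
    w = word.lower()
    return len(w) >= min_len and all(adjacent(x, y) for x, y in zip(w, w[1:]))


def audit(pairs):
    """Return {username: [reasons]} for every weak username/password pair."""
    findings = {}
    for user, pw in pairs:
        reasons = []
        if pw.lower() == user.lower():
            reasons.append("password equals username")
        if pw.lower() in COMMON_PASSWORDS:
            reasons.append("common password")
        if is_keyboard_walk(pw):
            reasons.append("keyboard walk")
        if reasons:
            findings[user] = reasons
    return findings


# The four combinations the page publishes, plus one constructed strong pair.
SAMPLE = [("username", "password"), ("visitor", "password"), ("fred", "fred"),
          ("Fravia", "Fravia"), ("alice", "T7#qv-Lm2!xR")]

if __name__ == "__main__":
    for user, reasons in audit(SAMPLE).items():
        print(f"{user}: {', '.join(reasons)}")
```

Every published pair is flagged, and fred/fred is flagged twice: once for repeating the username and once because f, r, e, d sit next to each other on the keyboard.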
I have prepared 6 different valid combinations, as you will see in the
code... FOUR (to help you check your findings) will land you
on page 123456.htm... just to
show you the complete workings, and TWO will land
on the real page... ah yes, of course they may not be in the
same order as here when you look at the
USERNAME    PASSWORD    LANDS ON
--------    --------    ----------
username    password    123456.htm
visitor     password    123456.htm
fred        fred        123456.htm
Fravia      Fravia      123456.htm
?           ?           ?.htm
?           ?           ?.htm
As you'll see, they all work... now to get to the real targeted page, you will have
to use one of the two possible username/password combinations...
and it is up to you, now, to find the name (or,
better, the 'number') of the REAL URL... see you there!
Ah, I almost forgot: a little stalking/searching/sniffing could
help a lot, of course :-)
This script accepts six users... just
try to land on the correct
page... you'll find Papazov's solution and more there
Fravia 1995, 1996, 1997, 1998. All rights reserved