The Daily WTF: Curious Perversions in Information Technology

The World's Worst Security System

Last post 08-01-2007 4:32 PM by fist-poster. 7 replies.
  • 07-31-2007 6:37 PM

    The World's Worst Security System

    function Login(){
    var done=0;
    var username=document.login.username.value;
    username=username.toLowerCase();
    var password=document.login.password.value;
    password=password.toLowerCase();
    if (username=="tshm" && password=="thebigpicture") { window.location="image_download.shtm"; done=1; }
    if (username=="kevin" && password=="tshm") { window.location="image_download.shtm"; done=1; }
    if (username=="member3" && password=="password3") { window.location="page3.html"; done=1; }
    if (done==0) { alert("Invalid login!"); }
    }

     

    Guess what?  It's unencrypted and found in the source of the login page.

     

  • 07-31-2007 7:41 PM In reply to

    Re: The World's Worst Security System

    lgeekery:
    function Login(){
    var done=0;
    var username=document.login.username.value;
    username=username.toLowerCase();
    var password=document.login.password.value;
    password=password.toLowerCase();
    if (username=="tshm" && password=="thebigpicture") { window.location="image_download.shtm"; done=1; }
    if (username=="kevin" && password=="tshm") { window.location="image_download.shtm"; done=1; }
    if (username=="member3" && password=="password3") { window.location="page3.html"; done=1; }
    if (done==0) { alert("Invalid login!"); }
    }

    Guess what?  It's unencrypted and found in the source of the login page.

    The hardest thing with this one is deciding where to start with describing the wrongness...

    Maybe... why is one member's user name another member's password? What is the mystery behind page3.htm? Which members have access to page2.htm and page1.htm? What horrible tale of forgotten passwords has the toLowerCase to tell? The questions... they're burning...

  • 07-31-2007 9:24 PM In reply to

    Re: The World's Worst Security System

    PSWorx:
    lgeekery:
    function Login(){
    var done=0;
    var username=document.login.username.value;
    username=username.toLowerCase();
    var password=document.login.password.value;
    password=password.toLowerCase();
    if (username=="tshm" && password=="thebigpicture") { window.location="image_download.shtm"; done=1; }
    if (username=="kevin" && password=="tshm") { window.location="image_download.shtm"; done=1; }
    if (username=="member3" && password=="password3") { window.location="page3.html"; done=1; }
    if (done==0) { alert("Invalid login!"); }
    }

    Guess what?  It's unencrypted and found in the source of the login page.

    The hardest thing with this one is deciding where to start with describing the wrongness...

    Maybe... why is one member's user name another member's password? What is the mystery behind page3.htm? Which members have access to page2.htm and page1.htm? What horrible tale of forgotten passwords has the toLowerCase to tell? The questions... they're burning...

     

    What happens, exactly, if you just... go to image_download.shtm?

    --Edward Dassmesser
  • 07-31-2007 9:27 PM In reply to

    Re: The World's Worst Security System

    An amazing thing called... a 404 error.  (Yes, it does get worse.  They didn't even put in the correct links.   Both cases of shtm should be shtml.)
  • 08-01-2007 1:35 AM In reply to

    Re: The World's Worst Security System

    Certainly stupid, but we've seen worse. Heck, you can find a worse security system at any US airport.
  • 08-01-2007 11:06 AM In reply to

    Re: The World's Worst Security System

    asuffield:
    Certainly stupid, but we've seen worse. Heck, you can find a worse security system at any US airport.

     

    You know, it's not generally considered couth to point out that the Emperor has no clothes...

  • 08-01-2007 2:05 PM In reply to

    Re: The World's Worst Security System

    lgeekery:
    Guess what?  It's unencrypted and found in the source of the login page.

    Real men do, of course, encrypt their javascript, kind of like this: http://halcy.de/code/rot13/rot13ajax.pl (Beat that for "ajax abuse" ;) ) 

  • 08-01-2007 4:32 PM In reply to

    Re: The World's Worst Security System

    TODO: Add users "member4" and "member5"

    Some kids' stuff? 
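
An added example, not part of the original thread or of the site being discussed: the check from the first post moved to the server (Node.js), so the page source reveals no credentials and the protected page itself refuses requests without a session, which covers the "just go to image_download.shtm" question raised above. The in-memory stores, the `alice` account, the path, and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const users = new Map();    // username -> { salt, hash }; stands in for a database
const sessions = new Map(); // session token -> username
const PROTECTED = new Set(['/image_download.shtml']); // path assumed from the thread

// Throwaway values so a login for an unknown user does the same hashing work.
const DUMMY_SALT = crypto.randomBytes(16);
const DUMMY_HASH = crypto.randomBytes(32);

function hashPassword(password, salt) {
  // scrypt is a deliberately slow, salted key-derivation function.
  return crypto.scryptSync(String(password), salt, 32);
}

function addUser(username, password) {
  const salt = crypto.randomBytes(16);
  users.set(username, { salt, hash: hashPassword(password, salt) });
}

// Returns a random session token on success, null on any failure.
// Unlike the original Login(), the password is not lower-cased.
function login(username, password) {
  const user = users.get(username);
  const candidate = hashPassword(password, user ? user.salt : DUMMY_SALT);
  const matches = crypto.timingSafeEqual(candidate, user ? user.hash : DUMMY_HASH);
  if (!user || !matches) return null;
  const token = crypto.randomBytes(32).toString('hex');
  sessions.set(token, username);
  return token;
}

// The authorization check runs on every request for a protected path,
// so knowing the URL is not enough to fetch the page.
function handleRequest(path, token) {
  if (!PROTECTED.has(path)) return { status: 200, body: 'public page' };
  const username = sessions.get(token);
  if (!username) return { status: 401, body: 'login required' };
  return { status: 200, body: `images for ${username}` };
}

// Constructed sample account and a short demonstration.
addUser('alice', 'constructed-Passphrase-1');
console.log(handleRequest('/image_download.shtml', undefined).status); // direct visit
const demoToken = login('alice', 'constructed-Passphrase-1');
console.log(handleRequest('/image_download.shtml', demoToken).status); // after login
```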
