Hacking Geocities - A big security hole


1) I connect to the site and go to the login page. When I log in, the POST method is used. The login form contains an input of this type: <INPUT TYPE=password LENGTH=20 NAME=passwd>. When studied through a sniffer, the password is sent as clear text.

2) The server passes me an htm file called filemanager.htm. If your browser supports viewing of the HTML source, do this and look at some of the hidden inputs. There are three entries of note:

<INPUT TYPE="hidden" NAME="member" VALUE="jsmith">

<INPUT TYPE="hidden" NAME="passwd" VALUE="FIs62N_pz1yL7?l|C">

<INPUT TYPE="hidden" NAME="passwd" VALUE="smtgrf">

The first is the username. The second is the user's encrypted password. The third is the user's clear text password! If your browser does not support viewing the source, don't worry. Filemanager.htm is stored in the Temporary Internet Files directory. Copy this file to another directory, change the file extension to TXT, then view it through Notepad.

3) From here on in the encrypted password is used.

4) After leaving Geocities, filemanager.htm is still there in the Temporary Internet Files directory.

What does this mean then? Well, if you can get access to a machine that you know someone has used to log in to Geocities, you can get their ID and password from this file. Also look for updateprofile.htm. If you're not after anyone specifically, then try scouring public computers, like a school's, university's, college's, library's or Internet cafe's computers.
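A server-side audit for the two defects the steps above describe, added here as an example and not part of the original text: it parses a response body for hidden inputs whose name suggests a credential, and checks whether the response carries Cache-Control: no-store so the browser will not write it to disk. The sample pages, header dictionaries and the CREDENTIAL_NAMES list are constructed for the example.

```python
from html.parser import HTMLParser

# Hidden-input names that should never carry a credential (assumption: extend per application).
CREDENTIAL_NAMES = {"passwd", "password", "pass", "pwd"}


class HiddenInputAuditor(HTMLParser):
    """Collects every hidden <input> whose name suggests it carries a credential."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":  # HTMLParser lowercases tag and attribute names for us
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "hidden" and a.get("name", "").lower() in CREDENTIAL_NAMES:
            self.findings.append((a["name"].lower(), a.get("value", "")))


def find_hidden_credentials(html):
    """Return [(field_name, value), ...] for every credential-bearing hidden input."""
    auditor = HiddenInputAuditor()
    auditor.feed(html)
    return auditor.findings


def forbids_caching(headers):
    """True only if Cache-Control tells the browser not to store the response on disk."""
    directives = {d.strip().lower() for d in headers.get("Cache-Control", "").split(",")}
    return "no-store" in directives


def audit_response(html, headers):
    """Run both checks; an empty list means the page passes."""
    issues = [f"hidden input '{name}' carries a credential" for name, _ in find_hidden_credentials(html)]
    if not forbids_caching(headers):
        issues.append("response lacks Cache-Control: no-store, so the page can land in the browser cache")
    return issues


# Constructed sample: a file-manager page shaped like the one described above (placeholder values).
LEAKY_PAGE = """<FORM METHOD=POST ACTION="/filemanager">
<INPUT TYPE="hidden" NAME="member" VALUE="example_user">
<INPUT TYPE="hidden" NAME="passwd" VALUE="HASHED_PLACEHOLDER">
<INPUT TYPE="hidden" NAME="passwd" VALUE="cleartext_placeholder">
</FORM>"""
LEAKY_HEADERS = {"Content-Type": "text/html"}

# Constructed hardened version: identity lives in a server-side session, nothing secret in the form.
FIXED_PAGE = """<FORM METHOD=POST ACTION="/filemanager">
<INPUT TYPE="hidden" NAME="action" VALUE="list">
</FORM>"""
FIXED_HEADERS = {"Content-Type": "text/html", "Cache-Control": "no-store"}

if __name__ == "__main__":
    for label, page, hdrs in (("leaky", LEAKY_PAGE, LEAKY_HEADERS), ("fixed", FIXED_PAGE, FIXED_HEADERS)):
        print(label, audit_response(page, hdrs) or ["OK"])
```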