A Snippet of Admin Interface Code

8 07 2011

Geeks will understand what this and see how it matches certain screenshots that were circulated. Non geeks, don’t worry!

$r6q=@mysql_query("select attempt from failedlogin where `user`='$user' ");
$num6=@mysql_num_rows($r6q);
if($num6>0){
print("
Possible SL PW(s): ");
if(strtolower($user)=="vasilisa shilova"||
strtolower($user)=="zfire xue"){
print("<font color="red">Protected");
}else{
while($r6=mysql_fetch_array($r6q)){
print($r6[attempt]."
");
}//while
}//protection
}

It is funny how things work out. zFire’s code was designed to harvest failed logins at his site where people had to use their SL username, in the hope he would harvest SL passwords.

But the most frequent users of that site had aliases, like Crackerjack for instance. And in some cases they might make a different mistake. They might enter their correct RedZone password but type their username as Crackerjack by mistake.

These people would show up in the database as having the same password for an SL/RedZone username as for the forum name. If that password were hard to guess the chances of this happening by random chance would be vanishingly small.

Wouldn’t you agree Roland?

About these ads

Actions

Information

One response

8 07 2011
Kelmar

Code like that makes me cry, its any wonder his shit worked at all…. Oh wait…. Yeeaaaaaaa




Follow

Get every new post delivered to your Inbox.

%d bloggers like this: