edbrowse-dev - development list for edbrowse
From: Dominique Martinet <asmadeus@codewreck.org>
To: Chuck Hallenbeck <chuckhallenbeck@gmail.com>
Cc: Edbrowse Development <edbrowse-dev@lists.the-brannons.com>
Subject: Re: [Edbrowse-dev] Signing into my Amazon account
Date: Sat, 6 Jan 2018 13:20:02 +0100
Message-ID: <20180106122001.GA15436@nautica>
In-Reply-To: <alpine.DEB.2.21.1801060711290.9659@debian.pulsar.com>

Hi Chuck,

Chuck Hallenbeck wrote on Sat, Jan 06, 2018:
> The file containing the failed signin is only about 3K, and can be
> found here:
> 
> www.panix.com/~chuxroom/signing-in.txt

I'm not going to be very helpful regarding the js errors themselves, but
if your password is six numbers followed by two letters I'd advise you
to change it reasonably quickly as it was written in plain text lower in
the logs.
The password is sent in plain-text in a post value that is printed at
db3 later on.


We can reproduce the js problem, although it's actually the two errors
you get while loading the sign in page (so before what you posted) that
matter since that's the time js will manipulate the form values before
posting.
I'm not sure I'll be of much help but I'll try to look at it, even if
the code is obfuscated it should still run in duktape...

-- 
Dominique

Thread overview: 9+ messages
2018-01-05 19:54 Chuck Hallenbeck
2018-01-05 20:35 ` Dominique Martinet
2018-01-05 20:53   ` Chuck Hallenbeck
2018-01-05 22:19     ` Kevin Carhart
2018-01-05 22:04   ` Karl Dahlke
2018-01-05 22:55     ` Kevin Carhart
2018-01-05 23:40     ` Chuck Hallenbeck
2018-01-06 12:12   ` Chuck Hallenbeck
2018-01-06 12:20     ` Dominique Martinet [this message]
