Comments on: ST701.com Classified Hack Part 2 http://www.hanneng.net/2007/11/28/st701com-classified-portal-hack-part-2/ Whatever and Anything Thu, 22 Dec 2011 09:44:26 +0000 hourly 1 http://wordpress.org/?v= By: hanneng http://www.hanneng.net/2007/11/28/st701com-classified-portal-hack-part-2/#comment-8666 hanneng Wed, 28 Nov 2007 04:14:12 +0000 http://www.hanneng.net/2007/11/28/st701com-classified-portal-hack-part-2/#comment-8666 Hi Bug, Thanks for your comments. I do aware that there is security concern in this method as I failed to highlight in the blog post. Hi Bug,

Thanks for your comments.

I do aware that there is security concern in this method as I failed to highlight in the blog post.

]]> By: Bug http://www.hanneng.net/2007/11/28/st701com-classified-portal-hack-part-2/#comment-8665 Bug Wed, 28 Nov 2007 04:07:48 +0000 http://www.hanneng.net/2007/11/28/st701com-classified-portal-hack-part-2/#comment-8665 Oh by the way, don't worry about people using this method to break ST701. It seems that the calls you are making are all valid HTTP operations, either POST or GET, with simple substitutions -- nothing illegal, just automated on the commandline instead of done manually through the browser. Nothing that ST701 should be able to block either. Oh by the way, don’t worry about people using this method to break ST701. It seems that the calls you are making are all valid HTTP operations, either POST or GET, with simple substitutions — nothing illegal, just automated on the commandline instead of done manually through the browser. Nothing that ST701 should be able to block either.

]]> By: Bug http://www.hanneng.net/2007/11/28/st701com-classified-portal-hack-part-2/#comment-8663 Bug Wed, 28 Nov 2007 03:59:51 +0000 http://www.hanneng.net/2007/11/28/st701com-classified-portal-hack-part-2/#comment-8663 In your first screenshot it looks like you're POSTing to ST701.com over an insecure connection. The POST address is of http:// and not https://. While you deserve kudos for a decent automation hack, do note (as I'm sure you're aware) that POSTing userids and passwords in the clear leaves them open to network sniffers. I'm surprised that ST701 hasn't taken greater efforts to secure their users' accounts. In your first screenshot it looks like you’re POSTing to ST701.com over an insecure connection. The POST address is of http:// and not https://. While you deserve kudos for a decent automation hack, do note (as I’m sure you’re aware) that POSTing userids and passwords in the clear leaves them open to network sniffers. I’m surprised that ST701 hasn’t taken greater efforts to secure their users’ accounts.

]]>