How to bypass a login page from a form submit

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • hmmboldt
    New Member
    • Jun 2010
    • 5
    #1

    How to bypass a login page from a form submit

    I have a bit of a strange problem. I thought it would be possible at first but now I don't know.

    I have a friend who licenses a service from a website, they give him client logins and he lets his clients have access to some of the features. What he wants is this:

    1. His client goes to his website and enters login information. They hit submit.

    2. The site then goes over to the third party site, enters the clients login info and hits submit.

    We essentially want to mask that third party sites login page from the user. They can see it for a second but they never have to go there and enter their information.

    Possible? I keep thinking it would work if we launch a pop up but that's where my knowledge totally putters out. Any help would be greatly appreciated! Thanks!
    Tags: autofill, bypass, javascript, login, script
    • gits
      Recognized Expert Moderator Expert
      • May 2007
      • 5390
      #2
      are those second login credentials the same as for the first one? ... there is nothing you could really do with JavaScript here ... since it is another domain and trying to script something would be considered as a XSS = cross site scripting attack that a browser wouldn't allow. you would need to know how the login of the third party page would work ... perhaps you might pass the credentials through an url-querystring directly so that the login-form could be avoided for example ... so it could be that:

      Code:
      http://some-url.domain?user=foo&password=bar
      would work. you would need to check the loginpage's source to identify the field-names and adapt the shown query-string to your needs

        Comment

        • hmmboldt
          New Member
          • Jun 2010
          • 5
          #3
          Yes this totally makes sense! The login credentials would be the same.

          I am waiting for a set of temporary credentials, I will give it a try. That definitely seems a lot easier too. Hope it works! Thanks so much.

            Comment

            • hmmboldt
              New Member
              • Jun 2010
              • 5
              #4
              ack. unfortunately this doesnt work. It just sits there on the login page.

              Would I have to do anything special if the fields were set to user.username and user.password?

                Comment

                • gits
                  Recognized Expert Moderator Expert
                  • May 2007
                  • 5390
                  #5
                  what is the form action? ... how does your url basically look like?

                    Comment

                    • hmmboldt
                      New Member
                      • Jun 2010
                      • 5
                      #6
                      Originally posted by gits
                      what is the form action? ... how does your url basically look like?
                      this is on the ../ch/dashboard page

                      Code:
                      <form action="/ch/login" method="POST">
			
			<fieldset>
				<p>
				</p>

				<p><label for="chUsername">Username: </label>     <input type="text" id="user.username" name="user.username" value="" class="focusOnMe"    >

 </p>
				<p><label for="chPassword">Password: </label>     <input type="password" id="user.password" name="user.password" value=""     >

 </p>
				<button type="submit" class="btnLogin"><span>Log in</span></button>
				
				<input type="hidden" name="destination" id="destination" value="/ch/dashboard" />
			</fieldset>			
		</form>

                        Comment

                        • gits
                          Recognized Expert Moderator Expert
                          • May 2007
                          • 5390
                          #7
                          Originally posted by hmmboldt
                          this is on the ../ch/dashboard page

                          Code:
                          <form action="/ch/login" method="POST">
			
			<fieldset>
				<p>
				</p>

				<p><label for="chUsername">Username: </label>     <input type="text" id="user.username" name="user.username" value="" class="focusOnMe"    >

 </p>
				<p><label for="chPassword">Password: </label>     <input type="password" id="user.password" name="user.password" value=""     >

 </p>
				<button type="submit" class="btnLogin"><span>Log in</span></button>
				
				<input type="hidden" name="destination" id="destination" value="/ch/dashboard" />
			</fieldset>			
		</form>
                          the url should look like:
                          Code:
                          http://.../ch/login?user.username=foo&user.password=bar
                          it might be that it will not work, when the serverside script explicitly awaits POST parameters (with the url we just send it via GET) ... then you cannot really bypass the page ... except by asking the provider to get a possibility that you might use.

                            Comment

                            • hmmboldt
                              New Member
                              • Jun 2010
                              • 5
                              #8
                              Yeah it just doesn't go.

                              I have pretty much told my friend the same thing. He needs to ask them for some help with this one.

                              Thank you so much for all of the help!

                                Comment

                                Previous template Next
                                Working...