Penetration Testing mailing list archives

[PEN-TEST] HTML source code and authentication


From: "Skinner, Tim L." <tskinner () LARSONALLEN COM>
Date: Mon, 18 Dec 2000 13:12:41 -0600

Hi all,

I must first apologize about my general ignorance of HTML, but I've been
asked to look into this.  I have a question regarding the source code of a
web page that authenticates users.  The snippet of source code from the web
page in question is as follows:

#<H2><font color=9771824>Member Sign On</font></H2>
#<form name="signon" action="/scripts/ibank.dll" method=post>
#<INPUT TYPE ="HIDDEN" NAME=Func VALUE="SignOn">
#<INPUT TYPE=HIDDEN NAME=Frames VALUE="150">
#<INPUT TYPE ="HIDDEN" NAME=homepath VALUE="cu3">

It leaves me wondering if the referenced ibank.dll file is some
authentication program of some sort and if the availability of this
information simply by clicking on 'view source' is a potential problem.
Furthermore, is there a way to obscure this information if it is a risk?
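
An added example, not part of the original post: the sketch below inventories what the quoted form exposes to any visitor (action, method, hidden fields) and shows a server-side check that treats those hidden values as untrusted input. The function names and the tampered submission are constructed for illustration; nothing here is known about how ibank.dll actually handles these fields.

```python
from html.parser import HTMLParser

# Form markup as quoted in the post, with the leading '#' characters removed.
SNIPPET = '''<H2><font color=9771824>Member Sign On</font></H2>
<form name="signon" action="/scripts/ibank.dll" method=post>
<INPUT TYPE ="HIDDEN" NAME=Func VALUE="SignOn">
<INPUT TYPE=HIDDEN NAME=Frames VALUE="150">
<INPUT TYPE ="HIDDEN" NAME=homepath VALUE="cu3">
'''

class FormInventory(HTMLParser):
    """Collect each form's action, method and hidden fields."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # html.parser lowercases tag and attribute names
        if tag == "form":
            self.forms.append({"action": a.get("action"),
                               "method": (a.get("method") or "get").lower(),
                               "hidden": {}})
        elif tag == "input" and self.forms:
            if (a.get("type") or "").lower() == "hidden":
                self.forms[-1]["hidden"][a.get("name")] = a.get("value")

def audit(html):
    """Return the list of forms found in the page source."""
    parser = FormInventory()
    parser.feed(html)
    return parser.forms

def check_post(posted, allowed):
    """Server-side check (hypothetical): names of posted fields that are
    unknown or carry a value the server never issued."""
    return [name for name, value in posted.items()
            if name not in allowed or value not in allowed[name]]

if __name__ == "__main__":
    form = audit(SNIPPET)[0]
    print(form["method"].upper(), form["action"], form["hidden"])
    # Allowlist built from the values the server itself put in the page.
    allowed = {k: {v} for k, v in form["hidden"].items()}
    # Constructed submission with one hidden value altered by the client.
    tampered = dict(form["hidden"], homepath="changed")
    print("rejected fields:", check_post(tampered, allowed))
```

Hidden fields and the form action are delivered to every browser, so they cannot be kept secret; the control that matters is the server validating whatever comes back.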

