I don't know of any script that does this, but that’s not saying that one doesn't exist. I don't know what software your using, but all passwords should be stored in encrypted format to help deter the use of scripts like this. They may be able to view the contents of the password field but not actually get the password. But that doesn't mean that your passwords will be 100% protected. If the encryption method is known a script or program could be written to compare the encrypted 'guess' with the encrypted password for equality. If both are the same then the 'guess' would be the password.
Matt > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 20, 2003 5:29 PM > To: [EMAIL PROTECTED] > Subject: [PHP] lurker awakes > > Hi guys, > we have been silent observers to this list over the last few weeks. > most of our web-app development is done in cold fusion, and i am still > coming to terms with php, our involvement with the language to date has > been via phpnuke. > > a while ago one of our tech guys showed me the output of a php page which > showed our system passwords - > since then he has subsequently moved on, we have changed all our passwords > etc.. > > my q: > does anyone have any knowlege about this type of script? > does anyone have a copy of it, so i can make sure there are no copies of > it on my system - it would be a hell of a backdoor to leave on our server. > Steve Soars > > > ------------------------------------------------------------------------ -- > ------ > > www.i-redlands.net > > Interactive Redlands > Shop 2 Cleveland Town Square > Cnr Queen & Bloomfield Sts > Cleveland QLD 4163 > > [p] 07 3821-5800 > [f] 07 3821-5811 > > "what we do in life > echoes an eternity" > > > ------------------------------------------------------------------------ -- > ------ > > > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.462 / Virus Database: 261 - Release Date: 3/13/2003 > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.462 / Virus Database: 261 - Release Date: 3/13/2003 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
