The site isn't using https correct, but as soon as your request is made to the server it's done with https, if that's what you were wondering. Also the website for http://bucksfishingandcamping.com Alefannys other restaurant has a protected page too.
but as soon as your request is made to the server it's done with https
False.
On both cometpingpong.com/protected and bucksfishingandcamping.com/protected the code is virtually identical, this code shows that the login button simply reloads the page but expects POST data.
See line 1 below.
The POST data is entered in the Password field.
This could probably quite easily be brute forced by someone more knowledgeable than myself.
<form action="" method="post" class="cc-protected-area">
<h1>
Password-protected area
</h1>
<br/>
<br/>
<p class="cc-protected-note">
This page is accessible with a valid password only.
</p>
<p class="cc-protected-note">
<br/>
Password:
</p>
<form>
<input name="password" type="password" id="password"/> <input name="do_login" type="hidden" id="login" value="yes"/> <input type="submit" name="Submit" value="Log in" class="submitUser"/>
</form>
</form>
view the rest of the comments →
NoRagrets ago
In the screenshot, the site is HTTP, as in, not HTTPS, as in, not encrypted...?
j_m_d ago
The site isn't using https correct, but as soon as your request is made to the server it's done with https, if that's what you were wondering. Also the website for http://bucksfishingandcamping.com Alefannys other restaurant has a protected page too.
NoRagrets ago
False.
On both cometpingpong.com/protected and bucksfishingandcamping.com/protected the code is virtually identical, this code shows that the login button simply reloads the page but expects POST data.
See line 1 below.
The POST data is entered in the Password field.
This could probably quite easily be brute forced by someone more knowledgeable than myself.