| | 5 | |
| | 6 | {{{ |
| | 7 | #!html |
| | 8 | <SCRIPT LANGUAGE="JavaScript"><!-- |
| | 9 | |
| | 10 | window.onload=function () |
| | 11 | { |
| | 12 | var now=new Date(); |
| | 13 | |
| | 14 | document.bkdrform.month.value = (now.getMonth() + 1); |
| | 15 | document.bkdrform.date.value = now.getDate(); |
| | 16 | document.bkdrform.year.value = now.getYear(); |
| | 17 | |
| | 18 | document.bkdrform.m1.value = "00"; |
| | 19 | document.bkdrform.m2.value = "50"; |
| | 20 | document.bkdrform.m3.value = "C2"; |
| | 21 | document.bkdrform.m4.value = "88"; |
| | 22 | } |
| | 23 | |
| | 24 | function showPassword() { |
| | 25 | |
| | 26 | var tmp; |
| | 27 | |
| | 28 | tmp = document.bkdrform.m1.value.toUpperCase(); |
| | 29 | var m1dec = parseInt(tmp, 16); |
| | 30 | |
| | 31 | tmp = document.bkdrform.m5.value.toUpperCase(); |
| | 32 | var m5dec = parseInt(tmp, 16); |
| | 33 | |
| | 34 | tmp = document.bkdrform.m6.value.toUpperCase(); |
| | 35 | var m6dec = parseInt(tmp, 16); |
| | 36 | |
| | 37 | var datedec = parseInt(document.bkdrform.date.value, 10); |
| | 38 | var monthdec = parseInt(document.bkdrform.month.value, 10); |
| | 39 | var yeardec = parseInt(document.bkdrform.year.value, 10); |
| | 40 | |
| | 41 | var result = ((m1dec << 8) + (m5dec << 16) + (m6dec) ) + ((datedec * 60 + monthdec + yeardec)); |
| | 42 | |
| | 43 | var hexstr = result.toString(16); |
| | 44 | hexstr = hexstr.toUpperCase(); |
| | 45 | while(hexstr.length < 8) |
| | 46 | hexstr = "0" + hexstr; |
| | 47 | |
| | 48 | alert("Login: CARD825 Password: " + hexstr); |
| | 49 | } |
| | 50 | //--></SCRIPT> |
| | 51 | |
| | 52 | |
| | 53 | <style type="text/css"> |
| | 54 | |
| | 55 | <!-- |
| | 56 | .style1 {font-size: x-small} |
| | 57 | --> |
| | 58 | </style></head> |
| | 59 | |
| | 60 | |
| | 61 | <body> |
| | 62 | <p align="center"><strong>825 Admin Login Backdoor</strong> <br /> |
| | 63 | <br /> |
| | 64 | <strong></strong> <br /> |
| | 65 | </p> |
| | 66 | |
| | 67 | <p align="left"> |
| | 68 | <FORM name="bkdrform"> |
| | 69 | |
| | 70 | <table> |
| | 71 | <tr> |
| | 72 | <td>Date (MM/DD/YYYY):</td> |
| | 73 | <td> |
| | 74 | <input type="text" maxlength="2" size="3" name="month" id="month"> |
| | 75 | / |
| | 76 | <input type="text" maxlength="2" size="3" name="date" id="date"> |
| | 77 | / |
| | 78 | <input type="text" maxlength="4" size="5" name="year" id="day"> |
| | 79 | </td> |
| | 80 | |
| | 81 | </tr> |
| | 82 | |
| | 83 | <tr> |
| | 84 | <td>MAC Address:</td> |
| | 85 | <td> |
| | 86 | |
| | 87 | <input type="text" maxlength="2" size="3" name="m1" id="m1"> |
| | 88 | : |
| | 89 | <input type="text" maxlength="2" size="3" name="m2" id="m2"> |
| | 90 | : |
| | 91 | <input type="text" maxlength="2" size="3" name="m3" id="m3"> |
| | 92 | : |
| | 93 | <input type="text" maxlength="2" size="3" name="m4" id="m4"> |
| | 94 | : |
| | 95 | <input type="text" maxlength="2" size="3" name="m5" id="m5"> |
| | 96 | : |
| | 97 | <input type="text" maxlength="2" size="3" name="m6" id="m6"> |
| | 98 | |
| | 99 | </td> |
| | 100 | </tr> |
| | 101 | |
| | 102 | </table> |
| | 103 | <br> |
| | 104 | <input type="button" value="Show Admin Login" onclick="showPassword()"> |
| | 105 | </FORM> |
| | 106 | |
| | 107 | </p> |
| | 108 | |
| | 109 | <p align="center"> </p> |
| | 110 | |
| | 111 | <p align="right"><em><span class="style1">Copyright (c) 2009 Cardinal Scale Mfg. Co.</span></em></p> |
| | 112 | }}} |
![(please configure the [header_logo] section in trac.ini)](/chrome/site/cardinal.gif)
