IT-School hacked, updated
Last time I said the IT-School was hacked. I still think so.
Today it is hacked again. Do you want me to post the codes? Yes? Here, unedited: (Skip if you don’t want it)
dc9
<HTML>
<head>
<title>迦密主恩中學內聯網系統</title>
<meta http-equiv="Content-Type" content="text/html; charset=big5">
<style type="text/css">
<!–
.fieldtext1 { font-family: "Verdana", "Arial", "Helvetica", "sans-serif"; font-size: 9pt}
.messagetext { font-family: "新細明體"; font-size: 9pt; color: ##FFFFFF}
–>
</style>
<script language="Javascript" src="/it-school/js/md5.js"></script>
<SCRIPT language="JavaScript" SRC="/it-school/js/roller.js"></SCRIPT>
<script language="JavaScript">
<!–
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("##")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}
function MM_findObj(n, d) { //v3.0
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); return x;
}
function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
//–>
<!– Script by David Laui 8-18-2000 –>
function show_itschool() {
document.forms[’form1′].submit();
}
</script>
</head>
<SCRIPT language=’javascript’>
function validate(){
thisform = document.form1;
v = true;
if (thisform.userloginid.value == ‘’){
v = false;
thisform.userloginid.focus();
}
if (v && thisform.password.value == ‘’){
v = false;
thisform.password.focus();
}
if (v)
thisform.elements["password"].value = MD5(thisform.elements["password"].value);
return v;
}
function login() {
if (validate())
document.forms["form1"].submit();
}
function cancel() {
var form = document.forms["form1"];
form.elements["userloginid"].value = "";
form.elements["password"].value = "";
}
function setLanguage(lang) {
document.forms["form1"].elements["language"].value = lang;
if (lang == "zh") {
document.images["B_" + "2"].src = ImageOn[’2′].src
document.images["B_" + "3"].src = ImageOff[’3′].src
} else {
document.images["B_" + "2"].src = ImageOff[’2′].src
document.images["B_" + "3"].src = ImageOn[’3′].src
}
return;
}
function moveWindow(){
var winWidth = (self.outerWidth ? self.outerWidth : document.body.offsetWidth);
var winHeight = (self.outerHeight ? outerHeight : document.body.offsetHeight);
self.moveTo((screen.availwidth - winWidth)/2, (screen.availheight - winHeight)/2);
}
</SCRIPT>
<body background="/it-school/images/login/bg.jpg" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onLoad="MM_preloadImages(’/it-school/images/login/login_button_login_on.gif’);moveWindow()">
<center>
<form name=’form1′ method=’post’ action=’login_do.php3′ ONSUBMIT=’return validate()’>
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td><img src="/it-school/images/login
45
/login_01.gif"></td>
</tr>
<tr>
<td><img src="
a78
/it-school/images/login/login_02a.gif"></td>
</tr>
<tr>
<td background="/it-school/images/login/login_username.gif"><img src="/it-school/images/login/trans.gif" width="130" height="35" align="absmiddle">
<input type="text" name="userloginid" class="fieldtext1">
<SCRIPT LANGUAGE=’javascript’>
document.forms[’form1′].elements[’userloginid’].focus();
</SCRIPT>
</td>
</tr>
<tr>
<td background="/it-school/images/login/login_password.gif"><img src="/it-school/images/login/trans.gif" width="130" height="35" align="absmiddle">
<input type="password" name="password" class="fieldtext1">
</td>
</tr>
<tr>
<td background="/it-school/images/login/login_fieldbg.gif"><img src="/it-school/images/login/trans.gif" width="130" height="31" align="absmiddle">
<input type="radio" name="language" value="zh" checked>
<img src="/it-school/images/login/login_zh.gif" align="absmiddle">
<input type="radio" name="language" value="en">
<img src="/it-school/images/login/login_en.gif" align="absmiddle"></td>
</tr>
<tr>
<td background="/it-school/images/login/login_message.gif">
<table border="0" cellspacing="0" cellpadding="0" background="">
<tr>
<td><img src="/it-school/images/login/trans.gif" width="30" height="8"></td>
<td valign="top" class="messagetext"><img src="/it-school/images/login/trans.gif" width="232" height="10"><br>
</td>
<td valign="top"><a href="javascript:login()" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage(’Image1′,'’,'/it-school/images/login/login_button_login_on.gif’,1)"><img src="/it-school/images/login/login_button_login_off.gif" border="0" name="Image1"></a><img src="/it-school/images/login/trans.gif" width="22" height="1"></td>
</tr>
</table>
</td>
</tr>
<tr>
<td><img src="/it-school/images/login/login_footer_01.gif" usemap="#Map2" border="0"><map name="Map2"><area shape="rect" coords="175,9,317,32" href="http://www.myit-school.net" target="_blank" alt="科訊網" title="科訊網"></map></td>
</tr>
<tr>
<td><img src="/it-school/images/login/login_footer_02.gif" usemap="##Map" border="0"><map name="Map"><area shape="rect" coords="166,11,231,30" href="javascript:window.close()" target="_self" alt="關閉登入視窗" title="關閉登入視窗"></map></td>
</tr>
</table>
<INPUT TYPE=image SRC="/it-school/images/trans.gif" BORDER=0>
</form>
</center>
</HTML>
</webprint>
0
The code ends. As you can see, there are alphabets and numbers scattered around that shouldn’t be there. This really can’t be accident.
But, well, this time I think it can be an accident. Someone like Leonado uploaded this old file.
I still can’t log in to IT-School. Irritating.
