将用户名列表以明文形式发送给浏览器以供JavaScript自动补全，还可以通过使用唯一的用户id调整URL查询字符串来查看用户数据，这可以从自动补全功能中收集到。

Windows 95和98有史上最严重的漏洞。如果你只是按下取消，你将以管理员权限登录:)在我爸爸的工作中度过了美好的时光:D

我曾经黑过Novel Login (DOS提示)。我写了一个C程序来模拟登录提示符，并将登录/密码写入文件，并输出无效的密码。

我在大学时代过得很开心。

Right at the start of the .com era, I was working for a large retailer overseas. We watched with great interest as our competitors launched an online store months before us. Of course, we went to try it out... and quickly realized that our shopping carts were getting mixed up. After playing with the query string a bit, we realized we could hijack each other's sessions. With good timing, you could change the delivery address but leave the payment method alone... all that after having filled the cart with your favorite items.

在文本框中输入1=1将列出系统中的所有用户。

我不知道这是不是最糟糕的，因为我见过一些非常糟糕的，但是:

几年前，我工作的地方引进了一个叫做FOCUS的系统。不知道它还在不在。它非常适合做报告，我们开发并教了大约一千两个非It人员如何生成他们自己的报告。非常方便。他们可以做基本的报告，一些人可以做中等难度的工作，IT可以帮助处理较难的工作。

所有用于报告的数据都被定期复制到FOCUS自己格式的影子数据库中。对于更敏感的数据，我们设置安全选项，加密数据。一切都很好。

So, one day my boss calls me in, and we've lost the password to one of the sensitive databases. It's going to be hard to reproduce the data in this case, so he asks me to see if I can break the security. I had no experience as a hacker, so it took me about 5 or 6 hours to hand him the password. I started by creating some test files, and encrypting them with different passwords. I found that changing one character in the password would change two bytes in the encrypted file, specifically, the high nybble of one byte, and the low nybble of another byte. Hmmmm, says I. Sure enough, they stored the password somewhere in the first 80 bytes of the encrypted, but obfuscated the password by splitting the bytes into nybbles, and storing them in predictable places.

不久之后，我们就编写了一个REXX脚本，该脚本在VM/CMS系统下运行，可以告诉我们任何加密数据库的密码。

那是很久以前的事了——在90年代初，我相信他们已经解决了这个问题。嗯，非常确定。