Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Is This An Admin Login?
Date: March 23, 2007 05:33AM

Tested in Firefox and Opera, need to have cookies enabled. The URL contains some interesting fields also. My bookmark https://cprodmasx.att.com/commonLogin/igate_wam/controller.do?TAM_OP=login&URL=/account&HOSTNAME=cprodmasx.att.com seems to be causing me to be directed to this URL....

Go here: https://cprodmasx.att.com/commonLogin/igate_wam/controller.do?TAM_OP=login&USERNAME=unauthenticated&ERROR_CODE=0x00000000&ERROR_TEXT=Successful%20completion&METHOD=GET&URL=%2F&REFERER=&HOSTNAME=cprodmasx.att.com&AUTHNLEVEL=&FAILREASON=&OLDSESSION=

once the page produces an error remove everything from after the .com/ in addressbar so its https://cprodmasx.att.com/ It then gives you a login form which is not the login form for customer accounts and also cannot login using my customer login. After accessing the first URL again I am presented with a page that just displays this image https://cprodmasx.att.com/pics/iv30.gif

This problem has been occurring for me when I try to login to my account for the past 2 months after ATT did some updates to the website. After all this if I go to my bookmark it will provide me with the customer login form and logging in sometimes takes me to that image, but trying again it lets me into my account.

I found this out http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.itame.doc_5.1/am51_webinstall302.htm

"WebSEAL is a high-performance, multi-threaded Web server that applies fine-grained security policy to the Tivoli Access Manager protected Web object space. WebSEAL can provide single sign-on solutions and incorporate back-end Web application server resources into its security policy. WebSEAL normally acts as a reverse Web proxy by receiving HTTP/HTTPS requests from a Web browser and delivering content from its own Web server or from junctioned back-end Web application servers. Requests passing through WebSEAL are evaluated by the Tivoli Access Manager authorization service to determine whether the user is authorized to access the requested resource. [Source: IBM Tivoli Access Manager & WebSEAL]"



Edited 1 time(s). Last edit at 03/23/2007 03:06PM by CrYpTiC_MauleR.

Options: ReplyQuote
Re: Is This An Admin Login?
Posted by: FR3DC3RV
Date: March 24, 2007 02:43PM

I didn't managed to acess the login form that the displays that certain image(in IE7).
It's strange.

-------------------------------
http://fr3dc3rv.blogspot.com

Options: ReplyQuote
Re: Is This An Admin Login?
Posted by: rsnake
Date: March 24, 2007 03:17PM

I read this, but it's difficult to tell what the purpose of that login function is. It may only be used for testing or something. I wouldn't make assumptions about it's use from what I can see from the outside.

- RSnake
Gotta love it. http://ha.ckers.org

Options: ReplyQuote
Re: Is This An Admin Login?
Date: March 24, 2007 10:38PM

Below is the HTML for the form. Indeed it is strange I'm assuming its something to do with my browser settings, or possibly could even be the IP I use since its an ATT IP. All I know I probably shouldn't be getting directed to it. Just happens every single time I try to login to my account, takes me a couple of minutes to eventually login more of a hassle to me right now.

<SCRIPT language="JavaScript">
<!-- 
document.cookie = "IV_JCT=%2FcommonLogin; path=/";
//--> 
</SCRIPT>
<!--WAM-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>



<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="GENERATOR" content="IBM Software Development Platform">
<meta http-equiv="Content-Style-Type" content="text/css">
<title>cGate Login</title>
</head>
<body>

<P><IMG border="0" src="/commonLogin/igate_wam/staticContent/images/uverse/att_horiz_color_sml.jpg" width="103" height="60">
<BR>
</P>
<FONT color="red">

</FONT>
<form name="loginFormBean" method="post" action="/commonLogin/igate_wam/login.do">

	<table border="0">
		<tbody>
			<tr>
				<td>User-ID:</td>

				<td><input type="text" name="userid" value="" title="Enter your user ID"> </td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type="password" name="password" value="" title="Enter your password"></td>
			</tr>
		</tbody>
	</table>



	<br>

	<br>
	<input type="submit" value="Login">
</form>
<script type="text/javascript" language="JavaScript">
  <!--
  var focusControl = document.forms["loginFormBean"].elements["userid"];

  if (focusControl.type != "hidden") {
     focusControl.focus();
  }
  // -->
</script>

</body>
</html>

Options: ReplyQuote
Re: Is This An Admin Login?
Posted by: Tomato
Date: September 04, 2009 09:10AM

CrYpTiC_MauleR Wrote:
> <!--
> document.cookie = "IV_JCT=%2FcommonLogin;
> path=/";
> //-->
>

Above is a cookie inserted by Tivoli Access Manager (WebSEAL) made by IBM.

It very well may be an admin logon, or they might just use TAM to authenticate users on their website.

Options: ReplyQuote


Sorry, only registered users may post in this forum.