Thursday, October 25, 2007

Send Longer Web SMS Message via SpiceNepal.com WebSMS

Mero Mobile is one of the two GSM service providers in Nepal. It is run by Spicenepal, Krishna Tower, Baneshwor, Kathmandu, Nepal. This blog has been started to educate people about what kinds of flaws can exist in a system and how they can be exploited. Some flaws may not be recognized as flaws, yet they can still be exploited to harm someone.

Mero Mobile's site seems to have flaws because the main logic of its pages is written in JavaScript, which runs on the client side, so many things can be changed by editing the JavaScript.

For example, if you type a message longer than 160 characters, you get an error saying that you cannot type more than 160 characters. However, this check is done in JavaScript, so it can be modified to increase the number of characters allowed. I have successfully sent messages with about 250 characters. This can be done by changing the 160 to 235 in the spicenepal page. The change can be made either by installing a program such as Proxomitron and configuring it to change 160 in such pages, or by saving the page offline, editing it and opening it after logging in.

Let's discuss these methods in detail. Use any one of them.

Method 1: Using Proxomitron
---------------------------
01. Download the Windows version of Proxomitron from http://www.geocities.com/khattam_khattam/proxo.zip . For other operating systems, please Google.
02. Extract it to some place such as c:\proxomitron using WinZIP from http://www.winzip.com or WinRAR from http://www.rarlab.com, or use the default zip handler in WinXP or Vista.
03. Run Proxomitron. It will appear in the system tray in the lower right corner of your desktop. Click it to see the program.
04. Click on the "Web Page" button.
05. Click on new.
06. In the filter name, type in any name. I choose "Mero SMS 235 Chars"
07. In the url match, enter http://
08. In the Matching Expression, type in "160".
09. In the Replacement Text, type in "235".
10. Click OK.
11. Tick next to "Mero SMS 235 Chars" in the list that appears to enable it.
12. Click on "Apply" then "OK". And then close the proxomitron dialog.
13. Now, open up Firefox. If you don't have it, download it. It is the best web browser and is secure and a lot better than the old Internet Explorer.
14. Click on Tools>Options>Network>Settings>Manual Proxy Configuration.
15. Enter "localhost" without quotes in the HTTP Proxy field and "8080" without quotes in the Port field.
16. Click OK>OK to close all the dialogs.
17. Now open http://www.spicenepal.com, log in, and when you reach the "Sending SMS" page, you'll see that you're now able to send messages of up to 235 characters.

Method 2: Manually Editing the Page
-----------------------------------
01. Log in to http://www.spicenepal.com and then go to the SMS sending page in Mozilla Firefox.
02. Click on View>Page Source and save the page source. I saved it as "mero.html" on the Desktop.
03. Then open mero.html in Notepad, find every "160" (without quotes) in the page, change each to 235 and save the file.
04. Now, log in to http://www.spicenepal.com and, without logging out, open the file you saved earlier in Firefox and then type in a message of up to 235 characters. It works. To send another message, simply go back and repeat.
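
Both methods work only because the 160-character limit is checked in the browser and nowhere else. As an added example (not code from this blog or from spicenepal.com), here is how a server could enforce the limit itself. The function and field names are assumptions, and it goes a little beyond the post by counting characters per the GSM 03.38 alphabet, where some characters cost two septets and non-GSM text falls back to a 70-unit UCS-2 limit.

```javascript
// Added example, not code from spicenepal.com. Function and field names are
// assumptions. The limit is enforced on the server, where a rewritten page
// or a filtering proxy cannot change it.

// GSM 03.38 default alphabet: each character costs one septet.
const GSM_BASIC =
  "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?" +
  "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà";
// Extension table: each character costs two septets (escape + character).
const GSM_EXTENDED = "^{}\\[~]|€\f";

const MAX_SEPTETS = 160; // single SMS, GSM 7-bit
const MAX_UCS2_UNITS = 70; // single SMS, UCS-2

// Returns { encoding, used, limit } for one message.
function measureSms(text) {
  let septets = 0;
  for (const ch of text) {
    if (GSM_BASIC.includes(ch)) septets += 1;
    else if (GSM_EXTENDED.includes(ch)) septets += 2;
    else return { encoding: "UCS-2", used: text.length, limit: MAX_UCS2_UNITS };
  }
  return { encoding: "GSM-7", used: septets, limit: MAX_SEPTETS };
}

// Validate the submitted form body. Only the raw message is read; any limit,
// counter or "valid" flag sent by the browser is ignored.
function validateSmsRequest(body) {
  const message = body && typeof body.message === "string" ? body.message : "";
  if (message.length === 0) return { ok: false, reason: "empty message" };
  const m = measureSms(message);
  if (m.used > m.limit) {
    return { ok: false, reason: `${m.encoding} message uses ${m.used} of ${m.limit}` };
  }
  return { ok: true, reason: null };
}

// Constructed sample inputs: one in-limit message, and one 235-character
// message such as a modified page would submit, with a forged client limit.
const samples = [
  { message: "a".repeat(160) },
  { message: "a".repeat(235), maxLength: "235" },
];
for (const s of samples) console.log(s.message.length, validateSmsRequest(s));
```

With this check in the request handler, the browser-side counter becomes a convenience for the user rather than the control that decides what gets sent.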

That's all for now. See you all later.