Protoview (Front Page WebBots)

Ok, I have been keeping this one to myself long enough now. The other day I was on Protoview's web site trying to get some info about their serial number format.

Anyway they have a web page to register your product online. I thought that sounded pretty interesting so I went to it and viewed the source forthe page. Here's a little snippet I found in the source:

//--></script><form method="POST" action="_vtl_bin/shtml.dll/register/register.htm" onsubmit="return FrontPage_Form1_Validator(this)" name="FrontPage_Form1" webbot-action="--WEBBOT-SELF--"> <!--webbot bot="SaveResults" u-file="_private/regonline.txt" s-format="TEXT/TSV" s-label-fields="TRUE"

Do you see what I see? The FrontPage webbot is posting all this information to a text file. So why don't you put this URL into browser and see what's there:

http://www.protoview.com/_private/regonline.txt

Wow, serial numbers, cd keys, names, addresses, etc.

Now if you want to see this file, you better act fast because tomorrow I am going to let Protoview know about this weakness in their system (you know, for the privacy of their customers).

-------UPDATE: Protoview has fixed this problem but I still see this all the time. You can also use this method to bypass web pages that require you to register for a demo.

Disclaimer: This information must only be used for academic purposes to study different licensing techniques and must not be used to infring the copyrights of these companies. It must not be used to pirate software or encourage software piracy or to engage in any illegal activity. All instructions are provided as-is and are not supported by either the software producers or the owners or operators of this web site or anyone else for that matter. Before using any of these licensing techniques you must first get approval from the softare producer and/or have already purchased this software. Please refer to the Terms of Use for more information.

All trademarked names are registered trademarks of their respective companies.