Below is pretty much it. Beyond this portion is text and graphics unrelated to the script. I have seen other posts and sites that suggest th password is right out in the open. Running the script brings up the prompt but that's it.
I have removed any reference to what the site is in case the password is indeed that easy to get.
<p><img src=Graphics/fflscript2.jpg alt="" height="129" width="612" border="0"></p>
<p><b><font size="+3">Reference Document Center</font></b></p>
If you have not been given your xxxxxx Password to access these documents</p>
<p>Please call our customer service line to get yours. 1-800-xxxxxxxxx</p>
<p><a onclick="CSAction(new Array(/*CMP*/'2A2D2654'));return CSClickReturn()" href="#" csclick="2A2D2654">Documents </a><font size="-1">(for those with an old password use only the first 7 characters)</font></p
How do you mean? I certainly don't know any sites that use font tags anymore and certainly no-one uses client-side scripting for logins, just take the forum's you have been on, I would wager all of them used some kind of server-side authentication to login to make mosts in the first place.
Fonts....whatever. I was more interested in someone 'showing' me that using that form of script is vulnerable. It seems just like the other forums it's apparently not the thing to do, but no one is actually able to demonstrate why. Just talk about it.
Oh and by the way, don't drink aspartame.. 'they say' it's bad for you.
Just take my word for it.
Ok so in the initial post is the source from that part of the page.
Where does it show the specific location of the file where the login details are held.