Today I encountered an interesting problem. I had set a password on a web-site and "remembered" in in Internet Explorer. Unfortunately I then (in a rare moment of idocy) deleted the email with the password on it. So how to recover it?


Simply visit the site with the password typed in (hidden by asterisks) and then paste this lovely javascript into the address bar –

javascript:(function(){var s,F,j,f,i; s = ""; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == "password") s += f[i].value + "\n"; } } if (s) alert("Passwords in forms on this page:\n\n" + s); else alert("There are no passwords in forms on this page.");})();

Works in IE6, IE7 and Firefox!

Even works with Firefox’s "Master" password which is meant to protect all your other passwords! What an obvious browser exploit if ever there was one!

Leave a Reply