bypass javascript authentication

Some years ago I came across a site that had a private section accessible only through an authentication form.

I don't like registering!

So I looked at the HTML source and found code like this:
http://javascript.internet.com/passwords/login-coder.html.
"uhmmm... javascript... g00d" I thought (-:

In the HTML source of a page that uses this type of authentication you can find a tag like: <option value="John Smith|42691|NGLOQEMM">.
The goal is to find a password whose hash result is 42691 and, in combination with NGLOQEMM, the page that lets you bypass authentication.

The makehash function generates the linear diophantine equation:

 7
---
 \    x_i * c^(7-i) = <goal>
 /
---
i=0

with 0 < x_i < 27, x_i ∈ N, and c = 3 or 10
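
The equation above also shows why the scheme is weak. The following is an added example (not part of the original page, jsauthsux, or the login script): for c = 3 it counts how many 8-term tuples share each sum, without listing any of them. The function names are hypothetical; the 8 terms and the 1..26 range are taken from the equation's bounds.

```javascript
// Added example (not part of jsauthsux or the original login script).
// Models the sum from the equation above: 8 terms, 0 < x_i < 27.
const TERMS = 8, X_MIN = 1, X_MAX = 26;

// sum_{i=0}^{7} x_i * c^(7-i), evaluated Horner-style.
function weightedSum(xs, c) {
  return xs.reduce((h, x) => h * c + x, 0);
}

// For every reachable sum, count how many 8-tuples produce it.
// Dynamic programming over positions: tuples are counted, never listed.
function preimageCounts(c) {
  let counts = new Map([[0, 1]]);
  for (let i = 0; i < TERMS; i++) {
    const next = new Map();
    for (const [h, n] of counts) {
      for (let x = X_MIN; x <= X_MAX; x++) {
        const k = h * c + x;
        next.set(k, (next.get(k) || 0) + n);
      }
    }
    counts = next;
  }
  return counts;
}

// Input space versus output space for multiplier c.
function collisionStats(c) {
  const counts = preimageCounts(c);
  let total = 0, min = Infinity, max = -Infinity;
  for (const [h, n] of counts) {
    total += n;
    if (h < min) min = h;
    if (h > max) max = h;
  }
  return { total, distinct: counts.size, min, max,
           average: Math.round(total / counts.size) };
}

// Only c = 3 is tabulated here; the c = 10 table would be far larger.
const stats = collisionStats(3);
console.log(stats);
```

For c = 3 the 26^8 possible tuples collapse onto 82,001 distinct sums, about 2.5 million tuples per value, so the number stored in the page does not identify one password. Because the comparison itself runs in the browser, the robust fix is to gate the private page on the server.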

I wrote jsauthsux to solve it (-:

I also added a dictionary attack.

To use:

./jsauthsux -g <goal> -p <page> [-d <wordlist>]

in our example:
<goal> = 42691
<page> = NGLOQEMM
<wordlist> = filename of wordlist for dictionary attack

The output shows each password - page pair.

If you don't find a meaningful result among _all_ the possible solutions displayed, use:

$ ./jsauthsux -g 42691 -p NGLOQEMM > log.txt
$ sed -e 's/^.\{11\}\(.\+\)$/http:\/\/yoursite\/\1.html/g' \
  log.txt > log.url
$ wget -i log.url