dodgerblue
Apr 26 2005, 05:59 PM
| | Problem:
The cookie for admin is set by default to one month for most scripts. This is dangerous because anyone can enter a certain script (which I won't paste here), and IE will auto-correct it, sending information to that person, who can then change the UID and log in to the site as admin!!
Solution:
If you're using IE to login to, clear your cookies, it's not too late!
Then, switch over to Mozilla.  You know you want to... |
Reply
GM-University
Apr 26 2005, 09:45 PM
This is for what, phpBB, IPB, other? Or for all IE browsers, in that case it would mean anyone using ti could access it anyways...
Reply
dodgerblue
Apr 26 2005, 10:02 PM
Last checked, yes, phpBB, Geeklog, Xoops... etc. All those scripts that lots of people here in this forum use... It's a IE exploit to do with the way IE reads vbscript tags.
Reply
CrashCore
Apr 26 2005, 10:06 PM
Who uses Internet Explorer anymore anyways? The only reason people use it anymore (since Firefox) is because of Micro$oft's brainwashing  Since when does IE auto-correct stuff without your consent? Where will Micro$oft stop?
Reply
Shadow
Apr 27 2005, 02:26 AM
And Microsoft gets worse.. That's not good because I still use IE(mainly cuz this isn't my comp to install things on). I guess it's a good thing no one has discovered my site yet since I change it so gawd damn much! But it's still an issue for the other 4 people who use this computer. Thanx for the info, I will be sure to inform the owner of this comp(my dad) and get him to switch to mozilla asap!
Reply
dodgerblue
Apr 28 2005, 02:47 PM
lol Shadow, actually, you can download Firefox for free here: http://www.mozilla.org/products/firefox/central.htmlCrashcore - yeah, when I checked my stats, about 80% of my visitors were on Firefox, 5% on Opera and only 12% on IE.  Let's hope more people catch on!!
Reply
Odyssey
Apr 30 2005, 06:46 PM
Well, thanks for notifying us! I currently run phpBB boards, and now have them updated accordingly to 2.0.14 . Also it seems that this problem is with any browser, but I use Mozilla Firefox anyways. Also, any one that still uses Internet Explorer, you should make the switch to Mozilla Firefox as soon as possible, I gurantee that you will like the switch, and to those of you who have toolbars, and spyware in Internet Explorer, you will not notice them in Firefox
Reply
MarCrush
Jun 2 2005, 02:08 AM
QUOTE(CrashCore @ Apr 26 2005, 03:06 PM) Who uses Internet Explorer anymore anyways? The only reason people use it anymore (since Firefox) is because of Micro$oft's brainwashing Since when does IE auto-correct stuff without your consent? Where will Micro$oft stop? Maybe in IE 7 (Microsoft is making right now) will stop this. But who knows. Most people use IE and it is impossible for everyone to switch over to Mozilla. Some sites don't even look good in Mozilla but yet again every user has their perfences.
Reply
Keeper
Jun 24 2005, 09:31 PM
Everyday before i turn off my comp, i clear cookies...  And i think it helps  _________________________________________ Keeper, Sons of the Dragon http://mercenaries.net.ru
Reply
TimothyA
Jun 25 2005, 06:10 AM
having cookies in your system means that someone can hijack them (steal them). If I understand the problem correctly you mean that you can basicly login under a different UID by changing your own cookiestring. To sad that this is only a small flaw as there is an exploit for most popular boards to modify the header being sent so your UID is changed to 1 (The admin in this case) or any other number. This exploit is doable with mozilla firefox and the right extensions installed.
Reply
Similar Topics
Keywords : cookie, security, vulnerability, youre, login
- Can't Login To Any Software On My Site
anyone know how to fix? (3)
[chsupport #ecn-115724]: Ftp/cpanel Login Problem
(7) Please take a look at this. Ticket ID: ECN-115724 Subject: FTP/Cpanel Login Problem Department: CH
Support Thanks.....
Cant Login To Cpanel On A Just Made Account O_o
(2) yes,i cant login i can login to normal panel but not to cpanel i get an error every time i login i
created a ticket some days ago and im not getting a responce please help me ThePro....
How To Make An Ultimate Game List.
If you're making a site on video games or such. (0) Hello. I am BuBBaG. You can call me Bubba for short. I'm going to show you how to make an
Ultimate Game List. First off, we need to make a database, we are going to call this database
`my_db`, leave out the `'s. Inside that database we will need to create a table
called `ugl'(Ultimate Game List, duh). To make the table, simply enter this in the Syntax.
CODE CREATE TABLE ugl ( System char(50), Game char(50), ) In the
above code, it is stating we are creating a table called ugl, with two columns, System, and Gam....
Security In Lan
(5) HeY Trapsters .. i have a question here to ask .. > My friend has a LAN connection in his office
.. its jus been 1 day n ther r viruses in his LAN .. he has Windows XP as his OS .. So his question
was wat kind of security can he get into his LAN so that it is safe from Viruses n external threats
.. ! Other than Firewall is ther any other security option for LAN >> ? And other suggestions
r also open !!. ......
Cpanel Help, Trouble Logging In.
Cannot login as it states "Login Attempt Failed!" (4) Before I was able to login within my Cpanel without problem but now I try to login and it states
"Login Attempt Failed!" which makes no sense. I made sure nothing was written incorrectly within
the fields but yet I get this error. ;-; I hope I wasn't hacked or anything.... anyone has any
idea of what this could mean?....
Login Script For Vbulletin.
(8) For some reason when I try to logon from the main page it doesnt work, it just brings me to the
forums unlogged. Anyone here have any ideas whats wrong with my coding? Heres the webpage:
www.ageofilluminati.com Heres the coding im Using: QUOTE
Forgot password? Register for free! ....
I Have Install Windows 2003 Server
I want multiple user to login my server (4) I have install windows 2003 server and some application like iis, share point, etc.my development
time want remote desktop for few user so I want multiple user to login my server but I have not
install active directory and I don’t want to install so tell me the best way to resolved the problem....
How To Make A Website
(If you're trying to drive people away from your site) (18) Alright so there are many topics out there of how to make a website that everyone will love and want
to go to, but I can't seem to find any about how to make a website that people will hate and try
to run away from, so here are some pointers for those who are trying to make the worst website:
Step one: COLORS Be sure to use a vivid and bright background color, and a non-noticeable text
color. Nothing wakes people wake up more than a florescent yellow background with white text. Make
people work to try to read your website. After all, you have some great content....
Simple Php Login And Registration System
(10) Hello. This is my first web tutorial ever. This is basically a simple register and login script.
Yes, I know it’s a bit rubbish but I’m quite new to PHP/MySQL. Here’s the register form. This can
be any file extension you like. I’d recommend calling it register.html . CODE
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html
xmlns="http://www.w3.org/1999/xhtml"> <head> <meta
http-equiv="Content-Type" content="text/ht....
Where To Go If You're Visiting Galveston Tx.
(1) So recently my family drove down to galveston for our second vacation this year. I didn't spend
quite as much time playing the Gulf of Mexico as i normaly would have, on account of a news report
that said there was a flesh eating virus in the water, /laugh.gif" style="vertical-align:middle"
emoid=":lol:" border="0" alt="laugh.gif" /> but it was cleared up so no need to worry, unless you
are diabetic, have a weakend immunity, or have large ulcers, or open soars on your feet. But
anyways, I'll share with you some of what i did /happy.gif" style="vertical-align:m....
20 Things To Do When You're Bored At Walmart
(12) 1.Make a trail of tomato juice leading towards the women's bathroom. 2.Ask to put a pack of gum
on layaway. 3.Put antifreeze in the freezer. 4.Hide in the racks of clothing and grab people's
ankles as they walk by. 5.Go into the fitting rooms and 5 min. later shout, "There isn't any tp
in here!!!" 6.*Holiday Season* Ask an employee why there are white and black santas, but
ne aboriganise santas. 7.Ride a display bike through the store and claim yo're taking it for a
test drive. 8.Frozen pizza frisbe 9.Marco Polo. 10.Hold a broomstick joust. 1....
Test Your Browser For Security
take the browser security test (11) test your browser for security holes: http://bcheck.scanit.be/bcheck/ This checks for the most
commonly occurring security vulnerabilities in the major browsers.In total there are some 40 tests
and may take a long time to finish. I have run this test on 4 browsers: 1)IE 7 : 0 vulnerabilities
(but the browser goes crazy, opening several windows and applications) 2)IE 6 : 1 medium risk (the
browser goes crazy like IE7) 3)Firefox 2.0.0.3: 1 medium risk (i think some plugin might have caused
this as some others have had different results) 4)Opera 9.2: 0 vulnerabilities ....
Innovative Login System
A new way to login to a website (17) Hi, I came across this website www.planmylifestyle.com which offers an innovative login system. In
the traditional login system, a user is asked to enter a username and password besides many other
personal information. In this website, to register the site creates an ID file that the user can
download to the local hard drive. After registration, to login to the website, the user has to
simply upload the registered ID file (browser and select ID file from local hard drive) and click on
the Login Button. The user is then taken to the website which seems to be a searc....
How To Improve Security Of Your Website?
Tips and tricks, important things... (3) First of all i want to apologize to moderators in case that they need to close this topic because
someone opened it before...I used search and i havent found anything...once again sorry if i missed
some topic... Getting to the point! What do we need to do to make our site secure? Daily
backups, deleting install files or something else? So please tell us more about site security!
I know it`s practically impossible to make site 100% hack free, but at least 80% we can do!
Advanced users share your advices with us-newbies! You ll get post count and we....
Website Security And Banning Certain Isp's
(6) I am baout to make a website and even make it so people can post stuff to ceratain pages. I know
how to make the basic password and username protected site but I do not know how to blovk isp's.
Are there any good ways to do this. What I mean is that if one member does somethign wrong I could
blovk his isp for a while or prevent him from psoting at all. If there is a way how could I even
find his isp? would that come from cookies? I am new to the security / site traffic software so I
really don't know. thanks....
Cpanel Exploit
security hole in cPanel to hack the servers of a hosting company (8) A pair days ago I read this new on Slashdot: cPanel Exploit Used to Circulate IE Exploit
QUOTE "In a dangerous combination of unpatched exploits, hackers have used a previously
undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of
hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit.
cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix.
It's a local exploit, meaning the attacker must control a cPanel account on the target hosti....
Cyber Cafe Security And Maintenance
Talking about how to get have more security and perfect maintenance in (3) Hi evry. i open this topic to talk about how to install securyty in a cybercafe. I'am an african
and in our country we have a lot of cyber cafe but wich are always confronted to security problems
wiche may be : virus , crashings of systems, or timing software always crack down by customers. The
popular timing software used in cyber cafe in africa and in my country is CYBERCAFE Pro. This timing
software has his own own built-in security but it did not guarantee al security necessary. According
to that i established a processus to get at least an default security iand ....
Flatfile User Login/signup
Uses text files only (compatable with forums and message system) (24) With this tutorial, you will learn how to create a textfile login script. This user membership
script is for use also with my forums and message system scripts. I will also give you the scripts
to make it so that people can change their profiles. Ok, The first thing we need to do is make the
database. To do this, create a blank text file called 'userdata.txt' , make sure it is ALL
LOWER-CASE. Edit this file and put
'**username|##|password|##|email|##|rank|##|userid|##|name|##|picture**'. This will not be
used, however it will give you an idea of how the....
Computer Admin Login With Lost Password?
Hack my own comp. (15) Im trying to fix some things on my acount but, i hava to be able to log into my Admin. acount. my
dad had the comp. before me and he forget the password to get into the acount. how do i hack into my
own computer to get the password, or is there any way of defragging my comp. without being a admin?....
Ultima Online Graphics Tutorial
Creating a custom login screen (2) I'm going to teach you how to create a custom login screen for Ultima Online. Ok, to start, you
need a program called MUL Patcher . Unzip that. Next what you will want to do is make backups of
-Gumpart.mul -Gumpidx.mul To do that, simply browse to your Ultima Online program folder
(generally something like c:\program files\ultima online 2d). I recommend just making a
copy of each file and changing the file extension of the copy to .MOD. Next, you want to open
Mulpatcher. On the settings tab (the one displayed by default), you need to tell it where ....
Windows Security Over Regedit
beginners guide: how to cheat windows (1) how to make windows secure over REGEDIT have you ever questioned yourself, how to hide the
complete desktop of a guestaccount? well, here is the way to get it; ---THE USER NEEDS ADMIN
RIGHTS FOR A SHORT TIME--- logon with the user u wanna manipulate . ---!!!--- click
on start/run and type "regedit". the registryeditor should come up and you should see your
computer registry with the hive-keys classes_root current_user local_machine etc. browse through
"hkey_current_user" and go to "software\microsoft\windows\currentversion\p....
Forgot Password To Trend Micro Internet Security
Is there a way to remove it? (5) One day I was bored so I set a password for our Web security software, Trend Micro Internet
Security. I turned on the URL filter, and now, whenever my friends send me something funny that has
no porn or anything in it, I get the Blocked error. I am really annoyed by this; I can't change
other setting in the software too. Is there any way to either reset the password or remove it,
without uninstalling Trend Micro?....
Your Favorite Card Game?
Tell about youre fav game here! (40) My Favorite game/games are: Uno Mad Gab Skip Bo Slap Jack And Rook Waz yours? Edited as
reported. Please use proper English words. ....
User Login And Tracking
(4) know vba with MSAccess but need to create a web app of an MS Access App. I need to make it multi
user with the user only being able to see and edit his own data. The db is quite simple and could
have only a single table, but could divide into one main table with a couple of relational tables.
I need the user to be able to login in and create his own password. I would want the user to have to
validate (e-mail) simular to registering for this forum. I noticed that this forum is PHP driven. I
thought that might be a better solution but a higher learning curve from vba t....
Simple Login In Visual Basic 6
user interaction example trough login programm (5) First of all, I am NOT a programmer, this is something my friend taught me. It describes basic
interaction with the user, while showing basic functionality of this simple programm. So, without
further ado, we're off to the tutorial: First of all, start your visual basic, when prompted
for new project, select Standard Exe . Next, we need to open code window, so we can start typing
the program. This can be done in two ways, one is double clicking on the form, or selecting Code
from View menu. If you double clicked on the form, you will see following text: CODE ....
Call Cookie Functions In Iframe
(2) I have got a page with an iframe. The iframe contains the cookie functions. How do I access the
cookie functions from the iframe? When I do the following Common I get the error 'Expected
identifier'. What is the solution? ....
How To Put A Phpbb Login Box On Your Main Site.
Code and .php included!!! (18) I have included my coded file with this... Ok here is the code. CODE // //Create login area,
replace the phpBB2 in /phpBB2/login.php with your forum's //directory // <form
action="/phpBB2/login.php" method="post" target="_top"> <table
width="25%" cellspacing="2" cellpadding="2" border="0"
align="center"> <tr> <td align="left"
class="nav"><a href="/phpBB2/index.php" class="nav">Prank Place
Forum Index</a></td>....
Php Simple Login Tutorial
Learn how to make a simple login! (63) I have been quite busy lately, trying to design and code my site (far from done XD). And after
having learned how to make a simple login, I will try to write my own tutorial, for you
/smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /> the tutorial Step 1
: The first step in designing a member system is to plan out exactly what you need. A common impulse
among programmers is to jump right in and start coding. I'll be honest and admit that I'm
guilty of this more so than anyone. However, since I'm in control of this conversation (y....
Complete Login System
With PHP + MYSQL (56) Its an complete login sistem made and tested by me and I think itwill be very usefull for people who
are tryn to learn PHP. First, let's make register.php: CODE <?
include("conn.php"); // create a file with all the database connections
if($do_register){ // if the submit button were clicked if((!$name)
|| (!$email) || (!$age) || (!$login) ||
(!$password) || (!$password2)){ print "You can't let
any fields in blank....
Looking for cookie, security, vulnerability, youre, login
|
|
Searching Video's for cookie, security, vulnerability, youre, login
|
advertisement
|
|
Jul 26, 2008
