Anti session hijacking


    core or whatever script you're using.....

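    PHP Code:
    function page_protect()
    {
        session_start();

        // Compare the hash stored in the session with the current browser's User-Agent
        if (isset($_SESSION['HTTP_USER_AGENT']))
        {
            if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']))
            {
                login();
                exit;
            }
        }
    }

    function login()
    {
        // page_protect() has already started the session; only start it if needed
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        if (isset($_SESSION['sid']) || isset($_COOKIE['sid'])) {
            // Enter your sql for your own site !!
        }
    }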



    How to use

    Under core or whatever!

    PHP Code:
    page_protect(); 

    Add a thanks here or the button !!
    Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
    Visit: WapMasterz Coming Back Soon!
    _______
    SCRIPTS FOR SALE BY SUBZERO
    Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
    FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
    _______
    Info & Tips
    php.net
    w3schools.com

    #2
    Don't get it. If ua is not equal to session saved ua you should login? I'm on mobile so I might be reading this wrong. But how is that supposed to work?
    When do you store the Md5 session? You didn't show that.

    Btw that looks like the code I proposed yesterday. Just saying.
    Perfection comes at a cost



    I accept liberty!
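
An added example, not part of any post in this thread: one way to complete the check from post #1 so that the User-Agent hash is actually stored at login, which is the step post #2 asks about. All names other than page_protect() and the HTTP_USER_AGENT session key are assumptions (start_secure_session(), ua_fingerprint(), bind_session(), the uid key, /login.php); unlike the original, it treats a missing hash as a failed check and uses SHA-256 instead of md5().

```php
<?php
// Added example; helper names and the login URL are hypothetical.

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // a second session_start() would only raise a notice
    }
    session_set_cookie_params([
        'httponly' => true,  // session cookie not readable from JavaScript
        'secure'   => true,  // session cookie only sent over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();
}

function ua_fingerprint(): string
{
    // The User-Agent is sent by the client, so it is only an extra signal
    // beside the cookie flags above, not a secret.
    return hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

// Call once, right after the credentials have been verified.
function bind_session(int $userId): void
{
    start_secure_session();
    session_regenerate_id(true); // discard the pre-login session id
    $_SESSION['uid'] = $userId;
    $_SESSION['HTTP_USER_AGENT'] = ua_fingerprint();
}

// Call at the top of every protected page.
function page_protect(): void
{
    start_secure_session();
    $stored = $_SESSION['HTTP_USER_AGENT'] ?? null;
    if (!is_string($stored) || !hash_equals($stored, ua_fingerprint())) {
        $_SESSION = [];      // drop everything bound to the old session
        session_destroy();
        header('Location: /login.php'); // hypothetical login page
        exit;
    }
}
```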



      #3
      This makes sid go away.

      Also making it harder to read for hijackers that know your cookies and id names, also stops them by sending your browser as a fake sid other than the real sid.

      It's like a clone, but only you know it's only a trick to others thinking their sid is their info on password and login. But in fact they're only going to decode

      it like Opera 1059 / windows xp 64 bit


        #4
        I'm sorry I still don't get it. But it's alright.
        Hey what happened with your project?


          #5
          i seem to fit it in quickly so far


            #6
            I didn't hear anything.

            I mean from you again concerning it.


              #7
              your code is different with this.. hehehe =p RedTeam Labs: Simple Anti Session Hijacking



                #8
                It's like the same with other 5 sites lol

                There's nothing I'm hiding here ;)


                  #9
                  Does this help somehow? I found it on php.net comments...

                  PHP Code:
                  <?php
                  if (isset($_REQUEST['_SESSION'])) die("Get lost Muppet!");
                  ?>
                  <!DOCTYPE html PUBLIC "-//WAPFORUM.RS



                    #10
                    I think it is checking to see if the hacker tried to pass the session var in a post or get var and then quits the function. I'm not too sure though. Cos that should be PHPSESSID instead.
                    Well, as I said, I'm not too sure about the snippet. Pardon me if I'm wrong.


                      #11
                      function page_protect()
                      {
                          session_start();

                          if (isset($_SESSION['HTTP_USER_AGENT']))
                          {
                              if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT']))
                              {
                                  login();
                                  exit;
                              }
                          }
                      }

                      function login()
                      {
                          // page_protect() has already started the session; only start it if needed
                          if (session_status() !== PHP_SESSION_ACTIVE) {
                              session_start();
                          }
                          if (isset($_SESSION['sid']) || isset($_COOKIE['sid'])) {
                              // Enter your sql for your own site !!
                          }
                      }

                      Not "sid" or "PHPSESSID", that's the name of _SESSION.


                        #12
                        Doesn't matter what you call your cookie or session vars, can be phpsessid or ses or sid or hgchvbgv, it really doesn't matter as long as it's called up properly in the script



                          #13
                          That's right ori lol

                          My site has cookie_monster_login_(cant say any more here)_And Here lol

                          Doesn't matter what you use as long as it's session being used..


                            #14
                            I'm just making a distinction between these two; of course, as I said, it is irrelevant how it is named... ;)

                            The question is whether this snippet helps, and whether it is placed before or after the session_start()?


                              #15
                              What is it supposed to do? Thing with copying a snippet is, you don't add the preamble. That makes it weird.
                              Post the link to the article so we check it out. And btw, you need session start before you can access session vars.