Using $_SESSIONS/COOKIES? Maybe you should read this first.


    #46
    Alright. But is lava prodigits "based" then? Anyway, I found a way through lava sites, whether the sid is in the URL or in a PHP session cookie. Only drawback: it's browser dependent. Yo killer, we could run a test on your site.



      #47
      Nope! Prodi is a totally different script; the engine itself is on ASP. By the way, what was that browser-dependent thingy?



        #48
        The hack I cooked up is written in CSRF + AJAX. AJAX only works in web browsers, so the victim has to be using one. The screenshot I promised:
        http://coderrr.wen.ru/mgwebalpha-screenshot.JPG and http://coderrr.wen.ru/mgwebalpha-logged-screenshot.JPG
        That's all I can shoot for copyright reasons. And yes, it's AJAX driven but works with my mobile database.



          #49
          Originally posted by mobileGIGS
          The hack I cooked up is written in CSRF + AJAX. AJAX only works in web browsers, so the victim has to be using one. The screenshot I promised:
          http://coderrr.wen.ru/mgwebalpha-screenshot.JPG and http://coderrr.wen.ru/mgwebalpha-logged-screenshot.JPG
          That's all I can shoot for copyright reasons. And yes, it's AJAX driven but works with my mobile database.
          Now that's a good looking web version. One thing I've noticed: you're using PHPSESSID or cookies, which kind of contradicts the one you're recommending in this topic.



            #50
            I'm not saying DON'T use it, I'm showing you a hole. All you have to do is block the hole lol. Which brings us to the 2nd part of my thread. I have written a class that automatically validates every POST form in my page to avoid noob CSRF, and I use one I got from GitHub to do AJAX CSRF protection. Search "php csrf helper" on GitHub to get any one. And ffs please avoid GET requests. NOTE: if you have an XSS hole, you might as well not bother downloading the CSRF helper.

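A minimal version of the per-form check the post above describes, written here as an added PHP example (not the poster's class and not any GitHub helper); the function names and the `csrf_token` field name are my own assumptions. It keeps a random token in `$_SESSION`, embeds it in every state-changing form, refuses GET outright, and compares in constant time.

```php
<?php
// Added example: synchronizer-token CSRF guard for a PHP page using $_SESSION.
// Names (csrf_token, csrf_field, csrf_valid) are assumptions, not a real library.
declare(strict_types=1);

// Lax SameSite plus HttpOnly limits how the session cookie rides along on
// cross-site requests; the token check below is still the real gate.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to drop into every form that changes state.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only for a POST carrying the session's token. GET is rejected so a
// plain link or <img> tag can never trigger the action, which is why the
// post says to avoid GET for anything that changes state.
function csrf_valid(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given)) {
        return false;
    }
    // hash_equals avoids leaking the token through timing differences.
    return hash_equals($expected, $given);
}

// Usage at the top of a state-changing handler (e.g. delete.php):
if (!csrf_valid($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
// ... handle the form ...
// Caveat from the post: an XSS hole lets a script read csrf_field() from the
// page and submit it, so this guard only holds if output is escaped everywhere.
```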