Hey bro ny budy hlp me i want hide my session id in retrivewap ,i read that thread realted to hide session id bt dnt undestand what i do thats y make this topic if ny budy knw plz help me,nd rider bro you knw vry wel then y u dnt tel me . . Plz help me i need ur help
-
-
lol..i've posted it already in the old thread hiding ses id..just find it on that thread..but that thing was not like what i've done in my site now..=)Originally posted by 12345xmen View PostMy Blog: http://jhommark.blogspot.com
My Facebook: http://www.facebook.com/jhommark
My Official Site: http://www.undergroundweb.tk
My Community Site: http://undergroundwap.xtreemhost.com -
I will repeat it! In login.php, change $sid = md5($did) to $_SESSION["sid"] = md5($did) and then below that and in every top of page put $sid = $_SESSION["sid"];My Blog: http://jhommark.blogspot.com
My Facebook: http://www.facebook.com/jhommark
My Official Site: http://www.undergroundweb.tk
My Community Site: http://undergroundwap.xtreemhost.comComment
-
Originally posted by kiLLeR-eyEd_14 View Post
bro i do that as u say
i change $sid = md5($did); to $_SESSION["sid"] = md5($did);
nd this line below i add $sid = $_SESSION["sid"];
like this
$_SESSION["sid"] = md5($did);
$sid = $_SESSION["sid"];
and nw in all othere php file i put
$sid = $_SESSION["sid"];
just below
<?php
like this
<?php
$sid = $_SESSION["sid"];
but still my session id showwwwwwwwwww
nw tel what i do ?Comment
-
Even i want this hiding session id thingComment
-
Even i want this hid1ing session id thingComment
-
common sense..remove the &sid=$sid in every link..lol..if u wanna know if u've hidden the ses id..enter your homepage after logging in and remove the &sid=blahblahblah in the urlOriginally posted by 12345xmen View PostLast edited by kiLLeR-eyEd_14; 05.10.09, 08:28.My Blog: http://jhommark.blogspot.com
My Facebook: http://www.facebook.com/jhommark
My Official Site: http://www.undergroundweb.tk
My Community Site: http://undergroundwap.xtreemhost.comComment
-
Hehe http://keancute.Net/index.php?action=pogi it muzt be like that when linking in ur pages .. samplesComment
-
-
http://yuhjiwap.co.cc | my site wasn't yet finished..but you can try to register and loginOriginally posted by mobileGIGS View PostMy Blog: http://jhommark.blogspot.com
My Facebook: http://www.facebook.com/jhommark
My Official Site: http://www.undergroundweb.tk
My Community Site: http://undergroundwap.xtreemhost.comComment
-
Btw if u wana do the above code knw that u have unleashed a whole new can of whoop ass holes on ur site. Easier to exploit holes.Comment
-
Then what i do mobileGIGSComment
-
i'm not afraid with that..i'm doing my best to secure my whole site..someone is trying to hack me with shell script but he couldn't be successful with that..lol..i'm juz lmao with him..and as of now, i'm never using cookies and session vars for holding the encrypted something as ses id..i use phpsessid that php provides ses id depending on the browser type used..but i'm not sure with these details i reviewed regarding phpsessid..Originally posted by mobileGIGS View PostMy Blog: http://jhommark.blogspot.com
My Facebook: http://www.facebook.com/jhommark
My Official Site: http://www.undergroundweb.tk
My Community Site: http://undergroundwap.xtreemhost.comComment
-
Its still insecure, duh. Simply put its an exploit thats easily luks harmless. . .except if u got sum xtra knwledge. Okay enuf speculashins. I exploited 3 sites recently to test.
W2c.in, wapirate and retrivewap.co.za tho i dnt exploit wit malicious intent. Basically if ur site has as little as one XSS hole, game ova. Also wots so special is, i put one line of simple code and u do d dirty work 4 me lol. After much, ive written a class to protect, i'l share it after my mG v4.0 update.Comment
-
Oh and killer, you SHOULD be afraid. Very. Its the "hardest exploit to protect...as the hacker does not need to steal anything...what makes it even harder? Its You and nt the hacker thats sending the request so its valid...put simply, you are doing his dirty work for him." so killer, storing ur sid in mars wnt even solve it. I'll make a thread lata.Comment
Comment