How hide session id in retrivewap help me plz ?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    How hide session id in retrivewap help me plz ?

    Hey bro ny budy hlp me i want hide my session id in retrivewap ,i read that thread realted to hide session id bt dnt undestand what i do thats y make this topic if ny budy knw plz help me,nd rider bro you knw vry wel then y u dnt tel me . . Plz help me i need ur help

    #2
    Originally posted by 12345xmen View Post
    Hey bro ny budy hlp me i want hide my session id in retrivewap ,i read that thread realted to hide session id bt dnt undestand what i do thats y make this topic if ny budy knw plz help me,nd rider bro you knw vry wel then y u dnt tel me . . Plz help me i need ur help
    lol..i've posted it already in the old thread hiding ses id..just find it on that thread..but that thing was not like what i've done in my site now..=)
    My Blog: http://jhommark.blogspot.com
    My Facebook: http://www.facebook.com/jhommark
    My Official Site: http://www.undergroundweb.tk
    My Community Site: http://undergroundwap.xtreemhost.com

    Comment


      #3
      I will repeat it! In login.php, change $sid = md5($did) to $_SESSION["sid"] = md5($did) and then below that and in every top of page put $sid = $_SESSION["sid"];
      My Blog: http://jhommark.blogspot.com
      My Facebook: http://www.facebook.com/jhommark
      My Official Site: http://www.undergroundweb.tk
      My Community Site: http://undergroundwap.xtreemhost.com

      Comment


        #4
        Originally posted by kiLLeR-eyEd_14 View Post
        I will repeat it! In login.php, change $sid = md5($did) to $_SESSION["sid"] = md5($did) and then below that and in every top of page put $sid = $_SESSION["sid"];

        bro i do that as u say


        i change $sid = md5($did); to $_SESSION["sid"] = md5($did);

        nd this line below i add $sid = $_SESSION["sid"];

        like this
        $_SESSION["sid"] = md5($did);
        $sid = $_SESSION["sid"];

        and nw in all othere php file i put

        $sid = $_SESSION["sid"];

        just below

        <?php

        like this

        <?php
        $sid = $_SESSION["sid"];


        but still my session id showwwwwwwwwww


        nw tel what i do ?

        Comment


          #5
          Even i want this hiding session id thing

          Comment


            #6
            Even i want this hid1ing session id thing

            Comment


              #7
              Originally posted by 12345xmen View Post
              bro i do that as u say


              i change $sid = md5($did); to $_SESSION["sid"] = md5($did);

              nd this line below i add $sid = $_SESSION["sid"];

              like this
              $_SESSION["sid"] = md5($did);
              $sid = $_SESSION["sid"];

              and nw in all othere php file i put

              $sid = $_SESSION["sid"];

              just below

              <?php

              like this

              <?php
              $sid = $_SESSION["sid"];


              but still my session id showwwwwwwwwww


              nw tel what i do ?
              common sense..remove the &sid=$sid in every link..lol..if u wanna know if u've hidden the ses id..enter your homepage after logging in and remove the &sid=blahblahblah in the url
              Last edited by kiLLeR-eyEd_14; 05.10.09, 08:28.
              My Blog: http://jhommark.blogspot.com
              My Facebook: http://www.facebook.com/jhommark
              My Official Site: http://www.undergroundweb.tk
              My Community Site: http://undergroundwap.xtreemhost.com

              Comment


                #8
                Hehe http://keancute.Net/index.php?action=pogi it muzt be like that when linking in ur pages .. samples
                com site: http://vampist.net
                download site: http://wapdloads.net
                fb: http://www.facebook.com/pmplx

                Comment


                  #9
                  I'd like to c wot u did wit urs @ killereyed

                  Comment


                    #10
                    Originally posted by mobileGIGS View Post
                    I'd like to c wot u did wit urs @ killereyed
                    http://yuhjiwap.co.cc | my site wasn't yet finished..but you can try to register and login
                    My Blog: http://jhommark.blogspot.com
                    My Facebook: http://www.facebook.com/jhommark
                    My Official Site: http://www.undergroundweb.tk
                    My Community Site: http://undergroundwap.xtreemhost.com

                    Comment


                      #11
                      Btw if u wana do the above code knw that u have unleashed a whole new can of whoop ass holes on ur site. Easier to exploit holes.

                      Comment


                        #12
                        Then what i do mobileGIGS

                        Comment


                          #13
                          Originally posted by mobileGIGS View Post
                          Btw if u wana do the above code knw that u have unleashed a whole new can of whoop ass holes on ur site. Easier to exploit holes.
                          i'm not afraid with that..i'm doing my best to secure my whole site..someone is trying to hack me with shell script but he couldn't be successful with that..lol..i'm juz lmao with him..and as of now, i'm never using cookies and session vars for holding the encrypted something as ses id..i use phpsessid that php provides ses id depending on the browser type used..but i'm not sure with these details i reviewed regarding phpsessid..
                          My Blog: http://jhommark.blogspot.com
                          My Facebook: http://www.facebook.com/jhommark
                          My Official Site: http://www.undergroundweb.tk
                          My Community Site: http://undergroundwap.xtreemhost.com

                          Comment


                            #14
                            Its still insecure, duh. Simply put its an exploit thats easily luks harmless. . .except if u got sum xtra knwledge. Okay enuf speculashins. I exploited 3 sites recently to test.
                            W2c.in, wapirate and retrivewap.co.za tho i dnt exploit wit malicious intent. Basically if ur site has as little as one XSS hole, game ova. Also wots so special is, i put one line of simple code and u do d dirty work 4 me lol. After much, ive written a class to protect, i'l share it after my mG v4.0 update.

                            Comment


                              #15
                              Oh and killer, you SHOULD be afraid. Very. Its the "hardest exploit to protect...as the hacker does not need to steal anything...what makes it even harder? Its You and nt the hacker thats sending the request so its valid...put simply, you are doing his dirty work for him." so killer, storing ur sid in mars wnt even solve it. I'll make a thread lata.

                              Comment

                              Working...
                              X