dodgerblue 0 Report post Posted April 26, 2005 Problem:The cookie for admin is set by default to one month for most scripts. This is dangerous because anyone can enter a certain script (which I won't paste here), and IE will auto-correct it, sending information to that person, who can then change the UID and log in to the site as admin!!Solution:If you're using IE to login to, clear your cookies, it's not too late!Then, switch over to Mozilla. You know you want to... Share this post Link to post Share on other sites
GM-University 0 Report post Posted April 26, 2005 This is for what, phpBB, IPB, other? Or for all IE browsers, in that case it would mean anyone using ti could access it anyways... Share this post Link to post Share on other sites
dodgerblue 0 Report post Posted April 26, 2005 Last checked, yes, phpBB, Geeklog, Xoops... etc. All those scripts that lots of people here in this forum use... It's a IE exploit to do with the way IE reads vbscript tags. Share this post Link to post Share on other sites
CrashCore 0 Report post Posted April 26, 2005 Who uses Internet Explorer anymore anyways? The only reason people use it anymore (since Firefox) is because of Micro$oft's brainwashing Since when does IE auto-correct stuff without your consent? Where will Micro$oft stop? Share this post Link to post Share on other sites
Shadow 0 Report post Posted April 27, 2005 And Microsoft gets worse.. That's not good because I still use IE(mainly cuz this isn't my comp to install things on). I guess it's a good thing no one has discovered my site yet since I change it so gawd damn much! But it's still an issue for the other 4 people who use this computer. Thanx for the info, I will be sure to inform the owner of this comp(my dad) and get him to switch to mozilla asap! Share this post Link to post Share on other sites
dodgerblue 0 Report post Posted April 28, 2005 lol Shadow, actually, you can download Firefox for free here: https://support.mozilla.org/en-US/kb/get-started-firefox-overview-main-featuresCrashcore - yeah, when I checked my stats, about 80% of my visitors were on Firefox, 5% on Opera and only 12% on IE. Let's hope more people catch on!! Share this post Link to post Share on other sites
Odyssey 0 Report post Posted April 30, 2005 Well, thanks for notifying us!I currently run phpBB boards, and now have them updated accordingly to 2.0.14 . Also it seems that this problem is with any browser, but I use Mozilla Firefox anyways.Also, any one that still uses Internet Explorer, you should make the switch to Mozilla Firefox as soon as possible, I gurantee that you will like the switch, and to those of you who have toolbars, and spyware in Internet Explorer, you will not notice them in Firefox Share this post Link to post Share on other sites
MarCrush 0 Report post Posted June 2, 2005 Who uses Internet Explorer anymore anyways? The only reason people use it anymore (since Firefox) is because of Micro$oft's brainwashing Since when does IE auto-correct stuff without your consent? Where will Micro$oft stop? 134819[/snapback] Maybe in IE 7 (Microsoft is making right now) will stop this. But who knows. Most people use IE and it is impossible for everyone to switch over to Mozilla. Some sites don't even look good in Mozilla but yet again every user has their perfences. Share this post Link to post Share on other sites
Keeper 0 Report post Posted June 24, 2005 Everyday before i turn off my comp, i clear cookies... And i think it helps _________________________________________Keeper, Sons of the Dragon http://forums.xisto.com/no_longer_exists/ Share this post Link to post Share on other sites
TimothyA 0 Report post Posted June 25, 2005 having cookies in your system means that someone can hijack them (steal them). If I understand the problem correctly you mean that you can basicly login under a different UID by changing your own cookiestring. To sad that this is only a small flaw as there is an exploit for most popular boards to modify the header being sent so your UID is changed to 1 (The admin in this case) or any other number. This exploit is doable with mozilla firefox and the right extensions installed. Share this post Link to post Share on other sites
ManOfSTEEL 0 Report post Posted June 25, 2005 Problem: The cookie for admin is set by default to one month for most scripts. This is dangerous because anyone can enter a certain script (which I won't paste here), and IE will auto-correct it, sending information to that person, who can then change the UID and log in to the site as admin!! Solution: If you're using IE to login to, clear your cookies, it's not too late! Then, switch over to Mozilla. You know you want to... 134675[/snapback] Is this bug works only in IE? What if I switch my browser to mizilla, is it safe then? I found a lot of cookies in my computer and some of theme are detected as spyware. what does it means, coz sometimes I opened out cookie files and it contains lots of info which is usually originated from my PC. like my e-mail address visited website etc... I my own Idea cookies was created to increase the speed of your computer when browsing the internet.For example if you browse yahoo some files required by yahoo are saved inside your computer so that the next time you login or browse the same site it will not look again for that file in the internet but instead load the file from your local computer. In this way it will help you to browse the net faster, the more cookies you have the more faster the browser is. This is the purposed of having cookies inside your computer, it just so happened that potential user or let say a hackers use the cookies as entry point. that's the problem, that is why cookies or some cookies detected as spyware by some anti-spy program... Share this post Link to post Share on other sites