Jump to content
xisto Community
Sign in to follow this  
Followers 0
dodgerblue

Cookie Security Vulnerability If youre using IE to login

By dodgerblue, in Security issues & Exploits

Recommended Posts

dodgerblue    0

dodgerblue
Posted

Problem:The cookie for admin is set by default to one month for most scripts. This is dangerous because anyone can enter a certain script (which I won't paste here), and IE will auto-correct it, sending information to that person, who can then change the UID and log in to the site as admin!!Solution:If you're using IE to login to, clear your cookies, it's not too late!Then, switch over to Mozilla. :lol: You know you want to...

Share this post

Link to post
Share on other sites

dodgerblue    0

dodgerblue
Posted

Last checked, yes, phpBB, Geeklog, Xoops... etc. All those scripts that lots of people here in this forum use... It's a IE exploit to do with the way IE reads vbscript tags.

Share this post

Link to post
Share on other sites

CrashCore    0

CrashCore
Posted

Who uses Internet Explorer anymore anyways? The only reason people use it anymore (since Firefox) is because of Micro$oft's brainwashing -_- Since when does IE auto-correct stuff without your consent? Where will Micro$oft stop?

Share this post

Link to post
Share on other sites

Shadow    0

Shadow
Posted

And Microsoft gets worse.. That's not good because I still use IE(mainly cuz this isn't my comp to install things on). I guess it's a good thing no one has discovered my site yet since I change it so gawd damn much! But it's still an issue for the other 4 people who use this computer. Thanx for the info, I will be sure to inform the owner of this comp(my dad) and get him to switch to mozilla asap!

Share this post

Link to post
Share on other sites

dodgerblue    0

dodgerblue
Posted

lol Shadow, actually, you can download Firefox for free here: https://support.mozilla.org/en-US/kb/get-started-firefox-overview-main-features

Crashcore - yeah, when I checked my stats, about 80% of my visitors were on Firefox, 5% on Opera and only 12% on IE. :D

Let's hope more people catch on!! -_-

Share this post

Link to post
Share on other sites

Odyssey    0

Odyssey
Posted

Well, thanks for notifying us!I currently run phpBB boards, and now have them updated accordingly to 2.0.14 . Also it seems that this problem is with any browser, but I use Mozilla Firefox anyways.Also, any one that still uses Internet Explorer, you should make the switch to Mozilla Firefox as soon as possible, I gurantee that you will like the switch, and to those of you who have toolbars, and spyware in Internet Explorer, you will not notice them in Firefox -_-

Share this post

Link to post
Share on other sites

MarCrush    0

MarCrush
Posted

Who uses Internet Explorer anymore anyways?  The only reason people use it anymore (since Firefox) is because of Micro$oft's brainwashing :rolleyes:  Since when does IE auto-correct stuff without your consent?  Where will Micro$oft stop?

134819[/snapback]


Maybe in IE 7 (Microsoft is making right now) will stop this. But who knows. Most people use IE and it is impossible for everyone to switch over to Mozilla. Some sites don't even look good in Mozilla but yet again every user has their perfences.

Share this post

Link to post
Share on other sites

TimothyA    0

TimothyA
Posted

having cookies in your system means that someone can hijack them (steal them). If I understand the problem correctly you mean that you can basicly login under a different UID by changing your own cookiestring. To sad that this is only a small flaw as there is an exploit for most popular boards to modify the header being sent so your UID is changed to 1 (The admin in this case) or any other number. This exploit is doable with mozilla firefox and the right extensions installed.

Share this post

Link to post
Share on other sites

ManOfSTEEL    0

ManOfSTEEL
Posted

Problem:

 

The cookie for admin is set by default to one month for most scripts. This is dangerous because anyone can enter a certain script (which I won't paste here), and IE will auto-correct it, sending information to that person, who can then change the UID and log in to the site as admin!!

 

Solution:

 

If you're using IE to login to, clear your cookies, it's not too late!

 

Then, switch over to Mozilla. :rolleyes: You know you want to...

134675[/snapback]

Is this bug works only in IE? What if I switch my browser to mizilla, is it safe then? I found a lot of cookies in my computer and some of theme are detected as spyware. what does it means, coz sometimes I opened out cookie files and it contains lots of info which is usually originated from my PC. like my e-mail address visited website etc... I my own Idea cookies was created to increase the speed of your computer when browsing the internet.

For example if you browse yahoo some files required by yahoo are saved inside your computer so that the next time you login or browse the same site it will not look again for that file in the internet but instead load the file from your local computer. In this way it will help you to browse the net faster, the more cookies you have the more faster the browser is.

 

This is the purposed of having cookies inside your computer, it just so happened that potential user or let say a hackers use the cookies as entry point. that's the problem, that is why cookies or some cookies detected as spyware by some anti-spy program...

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept