Weird Thoughts From Eric's Head

Hacking UBB with Cookies

This demonstration shows why you should avoid using cookies on a public computer. Make sure that all of your information is deleted so that someone cannot do the following:

As I said earlier today, I wanted to have some cookie fun. Well, I opened up the cookie jar and pulled out a little tidbit of information. I found an interesting program called Cookie Editor, and it made my job a lot easier!

So I grabbed the cookie from a forum that I visit on a regular basis with my original screen name. The cookie stores my information so it knows who I am and I do not have to keep logging in. I copied the user id and the password fields into Notepad.

I logged out of the forum and I went to my internet options and deleted all of my stored files and cookies to make sure that my original cookie was deleted. I logged back into the forum under another name that I got for testing purposes.

I then went back to the Cookie Editor and looked for the new forum cookie and you can see that the information changed.

I replaced the user id value with the other name.

I replaced the MD5 password hash with the other account's.

And now you just have to close your browser and reopen the webpage.

You then see that the name has changed! Now you can post under this person's account. I find this to be a little scary. I tried to do the same thing with Hotmail but it did not work: it would change the email account, but would require a password. Over the weekend I might find out some other things, but only time will tell.

Have a good weekend and stay out of trouble!

Eric Pascarello HTML/JavaScript moderator at JavaRanch.com
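
Why the copied values keep working, and what a forum can store in the cookie instead, shown as an added example (not code from the original post or from UBB). It assumes the server accepts a cookie whose MD5 field equals the stored password hash; the account names, passwords and function names are constructed for illustration.

```python
import hashlib, hmac, secrets, time

# Constructed sample accounts; MD5 is kept only to mirror the cookie in the post.
USERS = {
    "alice": hashlib.md5(b"correct horse").hexdigest(),
    "bob": hashlib.md5(b"hunter2").hexdigest(),
}

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

def weak_login_cookie(user, password):
    """Pattern from the post: the cookie carries the user id and the MD5 hash."""
    digest = md5_hex(password)
    return {"uid": user, "pw": digest} if USERS.get(user) == digest else None

def weak_authenticate(cookie):
    # The hash itself is the credential: a copy stays valid after logout and
    # after the cookie is deleted, until the password is changed.
    stored = USERS.get(cookie.get("uid", ""))
    ok = stored is not None and hmac.compare_digest(stored, cookie.get("pw", ""))
    return cookie["uid"] if ok else None

SESSIONS = {}        # token -> (user, expiry), held on the server only
SESSION_TTL = 1800   # seconds; assumed value

def session_login(user, password, now=None):
    # Hardened form: the cookie holds a random token, never the password hash.
    now = time.time() if now is None else now
    if USERS.get(user) != md5_hex(password):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = (user, now + SESSION_TTL)
    return {"sid": token}

def session_authenticate(cookie, now=None):
    # Identity comes from server-side state; a "uid" field in the cookie is ignored.
    now = time.time() if now is None else now
    entry = SESSIONS.get(cookie.get("sid", ""))
    return entry[0] if entry and entry[1] >= now else None

def session_logout(cookie):
    SESSIONS.pop(cookie.get("sid", ""), None)
```

A copied session token is still usable while the session is live, but it expires, is revoked at logout, and reveals nothing about the password.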

The Loop

How do you keep a programmer in the shower all day?

Give him a bottle of shampoo which says "lather, rinse, repeat."

What I am working on:

I am working on another project with cookies! I am playing with cookies from websites and seeing what I can come up with.

You might be surprised what a person might be able to do with cookies that were left sitting in the temp folder. Hopefully I will have a nice blog on this on Monday! Have a good weekend people!

Eric Pascarello HTML/JavaScript moderator at JavaRanch.com