Jump to content
unqfester

BiteFight - partea X

Recommended Posts

Posted

Intrebarea mea este, la acest joc sa gasit un "bug" sa zic asa ... intri in joc si sus in pagina de net scrii un "script" [(javascript:alert(document.cookie)] apoi iti apare un SID (ex: SID=4ee38a482b740b70da0d29dbaf282820; BiteFight_servers_de_201=true; __utma=48777273.526678296.1284750647.1285766008.1285872861.10; __utmz=48777273.1284750647.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmv=48777273.eingeloggt; BiteFight_servers_de_10=true; __utmc=48777273; __utmb=48777273.6.10.1285872861 ) apoi cu sid`ul asta nu stiu ce se face unde se baga ce si cum dar tot ce este de vanzare la piata le furi si le bagi in contul tau ( contul de la sid care are legatura cu jocul) intrebarea mea la voi este daca stie cineva ceva de informatia asta sau un altfel de prog ? ( se plateste bine informatia, prog etc) nu este pentru mine vreau pentru cineva care vrea pentru contu lui si mai ales daca se gaseste ceva mai bun sa ii futa sau sa ii dea peste cap.

Ps: am sa pun cateva poze cu un cont de test(i-am zis sa imi arate, nu cred pana nu vad) care o persoana stie combinatia dar nu vrea sa o dea mai departe. Va multumesc si sper ca nu v-am deranjat :)

Imageshack - 55030907.jpg

Imageshack - 64301089.jpg

Imageshack - 21355164.jpg

Ps 2:Thx Bro !~

Guest Nemessis
Posted

Nu recurgeti la injuraturi. E o cunostinta de a mea :)

Daca nu il puteti ajuta ignorati topicul. Merci.

Posted

javascript:alert(document.cookie) - get current cookie present on your computer, or on the computer where the link was launched

all __utmx keys are part of Google Analytics tracking

__utmb

* Hashcode

* Changes to identify each unique session

* Non-persistent cookie

* Works with __utmc to determine when a session ends

* Dies when a browser is closed

* If it disappears a new visitor session is started

__utmc

* Session based cookie

* Destroyed after 30 minutes of inactivity

* Can be set higher

* Works with __utmb to determine when session ends

* If it disappears, a new visitor session starts

* Visitor timeout set in __utm.js. Default is 1800 seconds

* 30 minutes is appropriate. Some websites and their visitor traffic may require a different timeout value

__utma = domainhash.unique.ftime.ltime.stime.sessioncount;

* domainhash = hash of the domain name of the website

* unique = a randomly generated 31 bit integer

* ftime = UTC timestamp of first visitor session

* ltime = UTC timestamp of last visitor session

* stime = UTC timestamp of current visitor session

* sessioncount = number of sessions; always incremented for each new session

__utmz

* keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website

__utmv

* gets set on the person’s computer, so that Google Analytics knows how to classify that visitor

SID = session id of the user connected to that page.

Unless you are able to force someone to launch javascript command and send you the returning info is useless.

The only think vulnerable is SID but depends how this SessionID is treated.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...