Sunday, April 20, 2014

Session ID's


Guest
Posted on 06-02-06 02:09
How would I hijack a Session ID? I have looked all over Google. A nice article would be nice :)

RE: Session ID's


Guest
Posted on 06-02-06 03:20
This is more commonly known as XSS or cross-site scripting attacks. Basically you just get someone's session ID by some type of malformed request/input to a site, like posting this fictitious text and link:

hahaha omfg lik this is tha funniest shiznit i eva saw!!! w0t a n00b this guy is, check it out lol lol lmao
monkeys.com/haxor. . .script>

Assuming this was a legitimate vulnerability, and assuming someone was dumb enough to see 'w0t was so funny', they'd quickly find out that they've clicked on a URL that sends their cookie info to an evil hax0r's page designed to catch the information. They could then swap out their cookie info with your own and be logged in as 'you'.

It's worth noting that this is a very old trick at this point and the majority of XSS attacks are easily prevented these days. Then again, as Einstein said...

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe.


Can't believe how many sites are vulnerable to the stupidest of things. =)
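
The two defenses that break the cookie theft described in the reply above, as an added example that is not part of any post in this thread: encode user text on output so posted markup is shown rather than run, and mark the session cookie `HttpOnly` so page script cannot read it. The function names, the cookie name `sid` and the sample post are assumptions made for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample: a forum post body carrying markup. The script body is an inert comment.
SAMPLE_POST = "check it out lol <script>/* inert placeholder */</script>"

def render_post_unsafe(body: str) -> str:
    """'Before': user text is pasted into the page, so the browser parses any markup in it."""
    return "<div class='post'>" + body + "</div>"

def render_post_safe(body: str) -> str:
    """'After': HTML-encode on output so <, >, & and quotes are displayed as text."""
    return "<div class='post'>" + html.escape(body, quote=True) + "</div>"

def session_cookie(session_id: str) -> str:
    """Build a Set-Cookie value for a session ID (cookie name 'sid' is an assumption)."""
    jar = SimpleCookie()
    jar["sid"] = session_id
    jar["sid"]["path"] = "/"
    jar["sid"]["httponly"] = True   # not exposed to document.cookie
    jar["sid"]["secure"] = True     # only sent over HTTPS
    jar["sid"]["samesite"] = "Lax"  # withheld from most cross-site requests
    return jar["sid"].OutputString()

def script_readable(set_cookie_value: str) -> bool:
    """True if page script could read this cookie, i.e. the HttpOnly attribute is missing."""
    attrs = [part.strip().lower() for part in set_cookie_value.split(";")[1:]]
    return "httponly" not in attrs

if __name__ == "__main__":
    print(render_post_unsafe(SAMPLE_POST))
    print(render_post_safe(SAMPLE_POST))
    hardened = session_cookie("constructed-session-id")
    print(hardened, "-> script readable:", script_readable(hardened))
    print("sid=constructed-session-id; Path=/ -> script readable:",
          script_readable("sid=constructed-session-id; Path=/"))
```
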

RE: Session ID's


Guest
Posted on 06-02-06 04:20
Thanks man, so it's like kind of cookie poisoning?

RE: Session ID's


Guest
Posted on 06-02-06 07:04
I don't think that's quite what he's asking...