also, you know where the security flaw is on your own website, making this tutorial to "how to session hijack your own website for kids with too much time"
@weewex You are not always aware of the security flaws on your website. Look at Sony, they hired professionals to make sure someone wouldn't hack their website again, but it sure did happen again. Is this tutorial for kids with too much time? To prevent hacking you'll have to understand how it takes place. It's hard to prevent something that you're totally unaware of.
@Mach399 what i had in mind was, that that if you make your website hackable via flaws in code and/or simple workarounds to mess up your website( not just users on your website) it's your fault... If you have all the security needed to function normaly, with in mind that your website is secured from script-monkeys and you get hacked anyway, then you have a problem you can't solve on your own by just fixing your website.
Also, cookie exploit is doable only if you have such cookie which means...
that the user didn't log out when he was finished browsing on a multiuser computer.
I did't mean to discourage your tutorial or to criticize it on it's purpose, i just wanted to say that there is most likely your not gonna be able to do this on every computer, only on those whose computer knowledge is limited and doesn't aware what can be done with it.
@weewex To be honest I don't think anyone would want to make their site hackable or mess up its code (regarding "that if you make your website hackable"). Sure it's your fault if you do so, of course. You can never make your site fully secure, imagine a castle, if you build the walls around it to high, robust and block all the entrances there is no way you can get inside either. If you leave one entrance open you can get inside but there is also a possibility for the hacker to get inside.
So i'll be looking more into this, but would the prevention of this method be to disable script posting at the user level? I'm also sure you cant just say disable scr ipt> though. It's probably deeper than that since there is other ways to represent that statement.
@icodeforlove Way to sound like a 15 year old "I know more than everyone" dick. Ever hear of a website called ebay? They HAVE to allow their members to post raw html to their site in order to create listings. This helps to alert those who need to allow HTML input of the potential security breeches. Stop wasting your dick breath boasting, and open your dick mind a bit more. Dick.
@WhatThaEff You never have to allow anything... If you are allowing RAW HTML you need to have your actual website on a different domain, so you can do this by loading everything that the user generated in an iframe (that is bound to a different domain). Someone will always find a way to circumvent your security measures, enabling RAW HTML on a same-domain site is idiotic. By the way EBAY parses out anything that may be of threat, this is totally an option but its a never ending battle.
Comment removed
NosukeKuroki 5 months ago
Comment removed
idontfkinknow1234 7 months ago
no security on your website = fail website
also, you know where the security flaw is on your own website, making this tutorial to "how to session hijack your own website for kids with too much time"
weewex 8 months ago
@weewex You are not always aware of the security flaws on your website. Look at Sony, they hired professionals to make sure someone wouldn't hack their website again, but it sure did happen again. Is this tutorial for kids with too much time? To prevent hacking you'll have to understand how it takes place. It's hard to prevent something that you're totally unaware of.
Mach399 3 months ago
@Mach399 what i had in mind was, that that if you make your website hackable via flaws in code and/or simple workarounds to mess up your website( not just users on your website) it's your fault... If you have all the security needed to function normaly, with in mind that your website is secured from script-monkeys and you get hacked anyway, then you have a problem you can't solve on your own by just fixing your website.
Also, cookie exploit is doable only if you have such cookie which means...
weewex 3 months ago
that the user didn't log out when he was finished browsing on a multiuser computer.
I did't mean to discourage your tutorial or to criticize it on it's purpose, i just wanted to say that there is most likely your not gonna be able to do this on every computer, only on those whose computer knowledge is limited and doesn't aware what can be done with it.
weewex 3 months ago
@weewex To be honest I don't think anyone would want to make their site hackable or mess up its code (regarding "that if you make your website hackable"). Sure it's your fault if you do so, of course. You can never make your site fully secure, imagine a castle, if you build the walls around it to high, robust and block all the entrances there is no way you can get inside either. If you leave one entrance open you can get inside but there is also a possibility for the hacker to get inside.
Mach399 3 months ago
So i'll be looking more into this, but would the prevention of this method be to disable script posting at the user level? I'm also sure you cant just say disable scr ipt> though. It's probably deeper than that since there is other ways to represent that statement.
XTREEMMAK 10 months ago
understood.. an excellent demonstration thanks a lot for thisx
debsolina 10 months ago
How is that "Comment" data and the magazine page linked ? :S
lontosar 1 year ago
@lontosar Comment data is mostly stored in the source of the HTML magazine page (or any page with comments for that matter)
Crypthal 11 months ago
lol, validate your comments... Anyone that lets people post RAW HTML to their site is a dumb ass.
icodeforlove 1 year ago
@icodeforlove Way to sound like a 15 year old "I know more than everyone" dick. Ever hear of a website called ebay? They HAVE to allow their members to post raw html to their site in order to create listings. This helps to alert those who need to allow HTML input of the potential security breeches. Stop wasting your dick breath boasting, and open your dick mind a bit more. Dick.
WhatThaEff 1 year ago
@WhatThaEff You never have to allow anything... If you are allowing RAW HTML you need to have your actual website on a different domain, so you can do this by loading everything that the user generated in an iframe (that is bound to a different domain). Someone will always find a way to circumvent your security measures, enabling RAW HTML on a same-domain site is idiotic. By the way EBAY parses out anything that may be of threat, this is totally an option but its a never ending battle.
icodeforlove 1 year ago
Very nice video! Very informational and easy to understand!
shanetalbert 1 year ago
ieUUzLWkzNG9yU2NiNWV3aURuc3NIMjcwbjFXUHp6bkhUZ1hwN1JIenF1MmI3d3B4eVN5UGJ3
Universal187 1 year ago
Think you could upload that cookie grabber file (in a .txt file) and post a link for it? My eyes are a little bad.
mattpersinger 2 years ago
nice vid men ;-)
bukibv 2 years ago