Phpsessid

[ignite]

PHPSESSID=ae19973a93edcb95*******; cprelogin=no

In mail logs it sese i am sending this code to a user like every 5 minuets ?

Does anyone no why ?

 

Ps. i changed some of the numbers in that code in case it was something people could use against me.

[vinyl]

Re: Phpsessid

in you game-mail??? I suppose it's a sessionID,which says "this was my data or what I was doing kinda"

but it sounds more like something you would see in your regular email box(s) after having been a victim

of a virus, etc.

[ignite]

Re: Phpsessid

His trying to do a sql injection i think. Is it all right if i post the input that was in his signature ?

[vinyl]

Re: Phpsessid

I don't want to stifle free speech, but I don't know quite where md draws the line on posting potentially maicious code (i realize this doesn't work yet in your game)

maybe the members here should just focus on how to preg_replace etc the sig input form to insure such code does not work, -which it doesn't, but with modifications...who knows? he's attempting to get into cpanel???

[ignite]

Re: Phpsessid

So can i post this code ? basicly he is using a code in his sig witch sends him some kind of session id.

[hamster01]

Re: Phpsessid

Well, if it was an sql injection it would give an sql error, as that is the main purpose why hackers do injections.

php manual of that cprelogin=no:

 

HTTP_COOKIE cprelogin=no; GallerySession=e1bbefae948c742ad72e3b4babac28b6

source: http://www.spacecoasthomes.net/phpinfo.htm

[Decepti0n]

Re: Phpsessid

phpsessid is the session cookie, if you change your cookies to that value you can hijack their session and take over their account.

so, delete their sig :P

[Haza]

Re: Phpsessid

what do they do with the code? inject it into there own cookie?

[hamster01]

Re: Phpsessid

It could be used for alor of things.

If you have ff:

C:\Documents and Settings\Username\cookies

You should see all your cookies :)

[ignite]

Re: Phpsessid

So using a bb code engine will prevent this from happening ? Can this also happen in users note pad ?

[hamster01]

Re: Phpsessid

can happen anywhere.

[ignite]

Re: Phpsessid

The easiest way of preventing this would be ?

[hamster01]

Re: Phpsessid

strip_tags()

things l;ike that

[ignite]

Re: Phpsessid

So infront of text boxes i would put that ?

[hamster01]

Re: Phpsessid

No.

use it liek this:

$pass = $_POST['pass'];
$safe_pass = strip_tags($pass);

or its used liek this:

echo strip_tags($pass);

cant remember

[ignite]

Re: Phpsessid

echo strip_tags($pass)

Were abouts would i post this low.