ignite Posted April 26, 2007

PHPSESSID=ae19973a93edcb95*******; cprelogin=no

In the mail logs it says I am sending this code to a user like every 5 minutes. Does anyone know why?

PS: I changed some of the numbers in that code in case it was something people could use against me.

vinyl Posted April 26, 2007

Re: Phpsessid

In your game-mail??? I suppose it's a session ID, which says "this was my data or what I was doing kinda", but it sounds more like something you would see in your regular email box(es) after having been a victim of a virus, etc.

ignite (Author) Posted April 26, 2007

Re: Phpsessid

He's trying to do an SQL injection, I think. Is it all right if I post the input that was in his signature?

vinyl Posted April 26, 2007

Re: Phpsessid

I don't want to stifle free speech, but I don't know quite where md draws the line on posting potentially malicious code (I realize this doesn't work yet in your game). Maybe the members here should just focus on how to preg_replace etc. the sig input form to ensure such code does not work, which it doesn't, but with modifications... who knows? He's attempting to get into cPanel???

ignite (Author) Posted April 26, 2007

Re: Phpsessid

So can I post this code? Basically he is using a code in his sig which sends him some kind of session ID.

hamster01 Posted April 26, 2007

Re: Phpsessid

Well, if it was an SQL injection it would give an SQL error, as that is the main purpose why hackers do injections.

PHP manual of that cprelogin=no:

HTTP_COOKIE cprelogin=no; GallerySession=e1bbefae948c742ad72e3b4babac28b6

Source: http://www.spacecoasthomes.net/phpinfo.htm

Decepti0n Posted April 27, 2007

Re: Phpsessid

PHPSESSID is the session cookie; if you change your cookies to that value you can hijack their session and take over their account.

So, delete their sig :P

Haza Posted April 27, 2007

Re: Phpsessid

What do they do with the code? Inject it into their own cookie?

hamster01 Posted April 27, 2007

Re: Phpsessid

It could be used for a lot of things.

If you have FF:

C:\Documents and Settings\Username\cookies

You should see all your cookies :)

ignite (Author) Posted April 27, 2007

Re: Phpsessid

So using a BB code engine will prevent this from happening? Can this also happen in users' notepad?

ignite (Author) Posted April 27, 2007

Re: Phpsessid

The easiest way of preventing this would be?

hamster01 Posted April 27, 2007

Re: Phpsessid

strip_tags(), things like that

ignite (Author) Posted April 28, 2007

Re: Phpsessid

So in front of text boxes I would put that?

hamster01 Posted April 28, 2007

Re: Phpsessid

No. Use it like this:

    $pass = $_POST['pass'];
    $safe_pass = strip_tags($pass);

or it's used like this:

    echo strip_tags($pass);

Can't remember.

ignite (Author) Posted April 29, 2007

Re: Phpsessid

echo strip_tags($pass)

Whereabouts would I post this low.
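
An added example, not code from any poster in the thread: one way to apply the strip_tags() suggestion to a signature field, with the text escaped again wherever it is displayed and the PHPSESSID cookie marked HttpOnly. The function names, the `signature` field name and the 250-character limit are assumptions made for illustration.

```php
<?php
// Added example; function names, the 'signature' field and the length limit are hypothetical.

// Mark the PHPSESSID cookie HttpOnly so script running in a page cannot read it.
// Arguments: lifetime, path, domain, secure, httponly.
// Set 'secure' to true when the site is served over HTTPS.
function start_hardened_session(): void
{
    session_set_cookie_params(0, '/', '', false, true);
    session_start();
}

// On the way in: run on the submitted signature before it is saved.
function clean_signature(string $raw, int $maxLen = 250): string
{
    $text = trim(strip_tags($raw));   // remove anything that parses as a tag
    return substr($text, 0, $maxLen); // cap the stored length
}

// On the way out: run everywhere a stored signature is printed.
// ENT_QUOTES escapes both quote styles; ENT_SUBSTITUTE replaces invalid
// byte sequences (e.g. a multi-byte character cut by substr) instead of
// returning an empty string.
function render_signature(string $stored): string
{
    return nl2br(htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

start_hardened_session(); // must run before any output is sent

// Form handler: take the posted field, or a constructed sample when run from the CLI.
// The sample keeps a bare '<' and '&', which strip_tags() leaves in place,
// so the escaping on output still has work to do.
$raw = (isset($_POST['signature']) && is_string($_POST['signature']))
    ? $_POST['signature']
    : "Join my gang! <b>bold</b> <img src=\"sig.png\">\n5 < 6 & \"quoted\"";

$saved = clean_signature($raw);       // this is what goes into the database
echo render_signature($saved), "\n";  // this is what goes into the page
```

The same two functions apply to any other free-text field that is shown back to users, such as the notepad asked about earlier in the thread.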