Home | Community | Message Board


Lil Shop Of Spores
Please support our sponsors.

General Interest >> Science and Technology

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post. Pages: 1
OfflineElektrolurch
enthusiast
Registered: 05/02/00
Posts: 307
Loc: Germany
Last seen: 10 years, 8 months
Shroomery security concern
    #455836 - 11/12/01 11:42 AM (15 years, 27 days ago)

Hi,

Some days ago I was taking a look at the cookies in my computer due to a problem to log into the Shroomery. I read the cookie from the Shroomery and couldn't believe, that I was able to read my password. This cookie is send through many computers before it reaches you, and is therefore possibly accesible to other people. I expected that the password would be encripted. You can take a look by yourself:

E.g. for Internet Explorer:
go to the "Internet Options" menu in the Internet Explorer. Under "temporary internet Files" push "preferences" in the next window push "show files". A Explorer showing your "temporary internet" files is displayed. Look for a text file named "wwwthreads" from the URL
"Cookie:name@shroomery.org/wwwthreads" (name is your Windows login name). Open it by pressing Enter. Windows will show a warning message, just go on. A notepad will open and you will see a line with text and numbers. The newline is not interpreted correctly by the notepad, so you may see a block instead of getting a new line. Look for "w3t_mypass" , after that your password is showed unecripted :(

The problem is that if someone knows your password, they can look at your private messages. I have myself got mail addresses through a PM (I deleted these messages) .
I just can say that you shouldn't send mail add. through the Shroomery PM, and you should take care about what you write through a PM. BTW hotmail & yahoo encript the password, this still doesn't mean that they are completelly secure.

I hope to hear some ideas from you about this security hole in the Shroomery.

Elektrolurch


--------------------
"For all the time spent in that room
The doll's house, darkness, old perfume
And fairy stories held me high on
Clouds of sunlight floating by.", Pink Floyd '67


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineMalice
still learning
Registered: 10/22/01
Posts: 69
Last seen: 6 years, 30 days
Re: Shroomery security concern [Re: Elektrolurch]
    #455888 - 11/12/01 12:59 PM (15 years, 27 days ago)

*rofl* i would not call this a security hole... it's just a shame- nothing more.
but what it makes to a hole ist this:

think about it.

more info's:
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=exploit&id=3513

so think about your cookies *muhahahahah*

btw: admins could also modify your cookies - and/or save them. (just logging the outgoing script-generated html site's - nothing special, how jared will agree).


edit: damn the board rewrites my link:

root site:
here
just type in:
www.shroomery.org/wwwthreads/

btw: it is sure crypted by me.... maybe coz i got 128 bit encryption.... on rsa :oP


--------------------
*chill*


Edited by Malice (11/12/01 01:20 PM)


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineElektrolurch
enthusiast
Registered: 05/02/00
Posts: 307
Loc: Germany
Last seen: 10 years, 8 months
Re: Shroomery security concern [Re: Malice]
    #456755 - 11/13/01 07:32 AM (15 years, 26 days ago)

Thanx for the info...
The first try for the Google thing didn't work, because I was using Konqueror under Linux, but I tried it now with the IE...

Elektrolurch


--------------------
"For all the time spent in that room
The doll's house, darkness, old perfume
And fairy stories held me high on
Clouds of sunlight floating by.", Pink Floyd '67


Post Extras: Print Post  Remind Me! Notify Moderator
Jump to top. Pages: 1

General Interest >> Science and Technology

Similar ThreadsPosterViewsRepliesLast post
* Paranoids guide to shroomery security. Anonymous 1,129 8 08/24/02 05:37 PM
by Anonymous
* Thor: Serious security issue zoodoo 2,173 13 06/05/02 06:58 AM
by Larrythescaryrex
* how can i change a password i don't know on windows xp? Krishna 949 4 12/26/05 10:31 AM
by Krishna
* Lana? A question concerning security/basic law. anonymoushate 989 3 05/24/02 07:38 AM
by Lana
* Passwords on MS Vista Brainiac 561 3 03/15/08 11:42 AM
by Newbie
* How can i penetrate password protected Wi Fi network? (ie how can i steal interent from neighbours)
( 1 2 3 all )
Jalruza 18,834 56 02/10/08 05:56 PM
by psilosibling
* Password protecting external HD GumbyM 1,536 19 08/20/08 07:51 AM
by delta9
* passwords funkymonk 553 3 03/08/03 08:52 AM
by windex

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Lana, trendal, Diploid, automan
1,541 topic views. 0 members, 3 guests and 1 web crawlers are browsing this forum.
[ Toggle Favorite | Print Topic | Stats ]
Search this thread:
RVF Garden Supply
Please support our sponsors.

Copyright 1997-2016 Mind Media. Some rights reserved.

Generated in 0.035 seconds spending 0.004 seconds on 14 queries.