Home | Community | Message Board

Avalon Magic Plants
This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post Pages: 1
OfflineElektrolurch
enthusiast
Registered: 05/01/00
Posts: 307
Loc: Germany
Last seen: 17 years, 11 months
Shroomery security concern
    #455836 - 11/12/01 09:42 AM (22 years, 3 months ago)

Hi,

Some days ago I was taking a look at the cookies in my computer due to a problem to log into the Shroomery. I read the cookie from the Shroomery and couldn't believe, that I was able to read my password. This cookie is send through many computers before it reaches you, and is therefore possibly accesible to other people. I expected that the password would be encripted. You can take a look by yourself:

E.g. for Internet Explorer:
go to the "Internet Options" menu in the Internet Explorer. Under "temporary internet Files" push "preferences" in the next window push "show files". A Explorer showing your "temporary internet" files is displayed. Look for a text file named "wwwthreads" from the URL
"Cookie:name@shroomery.org/wwwthreads" (name is your Windows login name). Open it by pressing Enter. Windows will show a warning message, just go on. A notepad will open and you will see a line with text and numbers. The newline is not interpreted correctly by the notepad, so you may see a block instead of getting a new line. Look for "w3t_mypass" , after that your password is showed unecripted :(

The problem is that if someone knows your password, they can look at your private messages. I have myself got mail addresses through a PM (I deleted these messages) .
I just can say that you shouldn't send mail add. through the Shroomery PM, and you should take care about what you write through a PM. BTW hotmail & yahoo encript the password, this still doesn't mean that they are completelly secure.

I hope to hear some ideas from you about this security hole in the Shroomery.

Elektrolurch


--------------------
"For all the time spent in that room
The doll's house, darkness, old perfume
And fairy stories held me high on
Clouds of sunlight floating by.", Pink Floyd '67

Extras: Filter Print Post Top
OfflineMalice
still learning
Registered: 10/22/01
Posts: 69
Last seen: 13 years, 3 months
Re: Shroomery security concern [Re: Elektrolurch]
    #455888 - 11/12/01 10:59 AM (22 years, 3 months ago)

*rofl* i would not call this a security hole... it's just a shame- nothing more.
but what it makes to a hole ist this:

think about it.

more info's:
http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=exploit&id=3513

so think about your cookies *muhahahahah*

btw: admins could also modify your cookies - and/or save them. (just logging the outgoing script-generated html site's - nothing special, how jared will agree).


edit: damn the board rewrites my link:

root site:
here
just type in:
www.shroomery.org/wwwthreads/

btw: it is sure crypted by me.... maybe coz i got 128 bit encryption.... on rsa :oP


--------------------
*chill*

Edited by Malice (11/12/01 11:20 AM)

Extras: Filter Print Post Top
OfflineElektrolurch
enthusiast
Registered: 05/01/00
Posts: 307
Loc: Germany
Last seen: 17 years, 11 months
Re: Shroomery security concern [Re: Malice]
    #456755 - 11/13/01 05:32 AM (22 years, 3 months ago)

Thanx for the info...
The first try for the Google thing didn't work, because I was using Konqueror under Linux, but I tried it now with the IE...

Elektrolurch


--------------------
"For all the time spent in that room
The doll's house, darkness, old perfume
And fairy stories held me high on
Clouds of sunlight floating by.", Pink Floyd '67

Extras: Filter Print Post Top
Jump to top Pages: 1


Similar ThreadsPosterViewsRepliesLast post
* Paranoids guide to shroomery security. Anonymous 1,444 8 08/24/02 03:37 PM
by Anonymous
* Thor: Serious security issue zoodoo 2,614 13 06/05/02 04:58 AM
by Larrythescaryrex
* Question for admin, and F-Secure Lana 2,121 2 05/28/01 12:18 PM
by 3DSHROOM
* Encrypting your messages while using ICQ Lana 3,747 1 06/19/01 06:48 AM
by Anno
* Stealther: IP Chaining Prog to login Shroomery Lana 3,565 10 08/23/02 04:08 PM
by Fd3000
* 128 Bit Wireless Encryption Cracked Lana 1,782 7 08/20/01 07:12 PM
by Billyblastoff
* keyed encryption? Raadt 1,702 12 03/15/03 09:48 AM
by socratesmind
* Computer Security dog 1,369 10 12/22/03 03:31 PM
by dog

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
1,844 topic views. 0 members, 0 guests and 1 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.024 seconds spending 0.007 seconds on 14 queries.