funnylutefisk Posted September 13, 2007 Share Posted September 13, 2007 Would it be possable to use myspace's cookie that remembers your first name when you log into my webpage? So that a site you have never been to knows your first name? Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted September 13, 2007 Share Posted September 13, 2007 no and myspace doesn't leave your name or anything in a cookie, just a number/id thing. If they did it would be a huge security risk. Quote Link to comment Share on other sites More sharing options...
funnylutefisk Posted September 13, 2007 Author Share Posted September 13, 2007 I'm pretty sure they do I looked at there code they use cookies and if you put java script:alert(unescape(document.cookie)); in your browser on the home page it shows the cookie it's using and says your name at the end under SplashDisplayName. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted September 13, 2007 Share Posted September 13, 2007 oh son of a bitch, myspace is so fucked up! Quote Link to comment Share on other sites More sharing options...
jollyrancher82 Posted September 13, 2007 Share Posted September 13, 2007 oh son of a bitch, myspace is so fucked up! Many sites that have user authentication store your username/name in a cookie... Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted September 13, 2007 Share Posted September 13, 2007 oh son of a bitch, myspace is so fucked up! Many sites that have user authentication store your username/name in a cookie... they suckzor too cookies should (almost) never contain user data Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 13, 2007 Share Posted September 13, 2007 Would it be possable to use myspace's cookie that remembers your first name when you log into my webpage? So that a site you have never been to knows your first name? You can, but I don't think any one would tell a skiddie how to. Quote Link to comment Share on other sites More sharing options...
jollyrancher82 Posted September 13, 2007 Share Posted September 13, 2007 oh son of a bitch, myspace is so fucked up! Many sites that have user authentication store your username/name in a cookie... they suckzor too cookies should (almost) never contain user data You should stop logging into these forums then. ;) Quote Link to comment Share on other sites More sharing options...
Deveant Posted September 13, 2007 Share Posted September 13, 2007 oh son of a bitch, myspace is so fucked up! Many sites that have user authentication store your username/name in a cookie... they suckzor too cookies should (almost) never contain user data You should stop logging into these forums then. ;) haha i like that :) i see no issue with storing the user name in a cookie, sure having there open pass, phone# or house address is wrong, but an ID or Display name, is nothing wrong. Quote Link to comment Share on other sites More sharing options...
digip Posted September 13, 2007 Share Posted September 13, 2007 Would it be possable to use myspace's cookie that remembers your first name when you log into my webpage? So that a site you have never been to knows your first name? Use a little scripting to do the same function, only set its output to a text file/log instead of an alert box and then retrive the data later. Maybe script it in PHP? Not sure how you would call the cookie from another domain though. Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 13, 2007 Share Posted September 13, 2007 Not sure how you would call the cookie from another domain though. XSS Quote Link to comment Share on other sites More sharing options...
digip Posted September 13, 2007 Share Posted September 13, 2007 Not sure how you would call the cookie from another domain though. XSS How would he do this then? Would he create a frame for myspace.com(hidden) within his page and then call the cookie data and it will return it for both his and the myspace site? I thought XSS attacks would have to be where you insert the code to a script onto the target site, ex: he would have to insert some javascript into a myspace.com page that calls the script from another site, say in a comment box, etc. How can he do the reverse from his site? Quote Link to comment Share on other sites More sharing options...
Sparda Posted September 13, 2007 Share Posted September 13, 2007 I really don't want to release another skidde on to the Internet, it's bad for business. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted September 13, 2007 Share Posted September 13, 2007 tomb I can't find any identifying information left in any cookies from forums.hak5 am I missing something? Quote Link to comment Share on other sites More sharing options...
jollyrancher82 Posted September 13, 2007 Share Posted September 13, 2007 tomb I can't find any identifying information left in any cookies from forums.hak5 am I missing something? Copy and paste your cookie into a private message and I'll look. Quote Link to comment Share on other sites More sharing options...
SomeoneE1se Posted September 14, 2007 Share Posted September 14, 2007 tomb I can't find any identifying information left in any cookies from forums.hak5 am I missing something? Copy and paste your cookie into a private message and I'll look. any why do I think this is a bad idea? Quote Link to comment Share on other sites More sharing options...
Deveant Posted September 14, 2007 Share Posted September 14, 2007 haha, all my cookie has is: PHPSESSID, and SMFCookiexxx, doesnt contain any personal details, though enough to spoof my account :) Quote Link to comment Share on other sites More sharing options...
operat0r_001 Posted September 18, 2007 Share Posted September 18, 2007 beef proxy Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.