[distroyer]

Hi,

I was going through a hacked community on orkut which was originaly my frnd's community, in one of the links i found a javascript which if i put in the address bar and press enter, it wld add me as a moderator of any community. Sounds interesting!! But when i suddenly thought cant that be a mis-chief made by someone????? So, i searched into google and found that type of cookie hacking does exist on orkut (pasting such javascript into address bar hacks account).

The js was like:

Code:

 

javascript:a=document.forms[1];a.action="CommMembers.aspx?cmm=34431350&Action.addModerator&

memberId=11520216688680582958";a.submit(); void(0) 

Now, my question is, if i clear my cookies, for how long will my cookies be sent to the attacker?? or is there any file that is stored in my computer that keeps sending my cookies to the attacker??? how do i get free from if my cookies are hacked?? OR does it send only once

[pradeep]

Cookies are not sent just like that, the browser has to post them, i.e. there has to be some actions from the user's side. The best safeguard against these kinds of attacks is to use NoScript plugin in firefox, I am unsure of any such plugin for Internet Explorer, try googling in case you are a IE user.