schnibble
May 18 2004, 09:39 AM
I'm trying to do cookie poisoning on my local phpBB forum, but can't do it...
So I would appreciate some tutorials, papers, or any help....
Searched around, but couldn't seem to find anything useful, although it seems quite a popular method!
setthesun
May 18 2004, 10:39 AM
Go with a web proxy like Spike, Web Proxy and any other web proxy.
You may read this article series
http://www.securityfocus.com/infocus/1722
schnibble
May 19 2004, 03:32 AM
thnx.
I was using WebSleuth.
Still don't quite understand how to inject a cookie. Tried just to inject the MD5 hash, but that doesn't work, because I need to put in session data, but don't understand how to create that. And there seems to be some other data also.
And I don't have enough will to study the code from phpBB...
So any help would be welcome!
nuorder
May 19 2004, 04:10 AM
Read my post in this thread for editing the cookie (I think that's what you're after?)
http://www.governmentsecurity.org/forum/in...l=iecookiesview
You need the MD5 hash, user name and user ID. That's all.
schnibble
May 19 2004, 06:26 AM
I did it in the meantime.
Thanks all for the help, it was useful.
I was looking for the code that was creating the cookie data, so I had to examine the code a lot. But finally I cracked it. You need the cookie name, MD5 hash and user id, serialize it and URL encode it.
That's it! Pretty simple after all.
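The thread ends with a login cookie that is only a serialized, URL-encoded user id and password hash, which the server accepts from anyone who can assemble those values. The following is an added example, not part of the thread and not phpBB's code, of the server-side fix: a cookie that carries no password hash and is bound to a server-held key, so edited values fail verification. The function names, field names (`uid`, `sid`, `exp`) and the key are assumptions made for illustration.

```php
<?php
// Added example (not phpBB code). The key below is a constructed placeholder;
// a real deployment loads it from server-side configuration.
const COOKIE_KEY = 'constructed-demo-key-not-for-production';

// Build the cookie value: user id, random session id and expiry, plus an
// HMAC-SHA256 tag over exactly those bytes. No password hash is included.
function issue_token(int $userId, string $key, int $ttl = 3600): string
{
    $payload = json_encode([
        'uid' => $userId,
        'sid' => bin2hex(random_bytes(16)),
        'exp' => time() + $ttl,
    ]);
    $mac = hash_hmac('sha256', $payload, $key, true);
    return rawurlencode(base64_encode($payload) . '.' . base64_encode($mac));
}

// Return the decoded payload, or null if the value is malformed, was
// modified by the client, or has expired.
function verify_token(string $cookie, string $key): ?array
{
    $parts = explode('.', rawurldecode($cookie));
    if (count($parts) !== 2) {
        return null;
    }
    $payload = base64_decode($parts[0], true);
    $mac     = base64_decode($parts[1], true);
    if ($payload === false || $mac === false) {
        return null;
    }
    // Constant-time comparison, done before the payload is parsed at all.
    if (!hash_equals(hash_hmac('sha256', $payload, $key, true), $mac)) {
        return null;
    }
    $data = json_decode($payload, true);
    if (!is_array($data) || !is_int($data['uid'] ?? null) || !is_int($data['exp'] ?? null)) {
        return null;
    }
    return $data['exp'] >= time() ? $data : null;
}

// Self-check: a server-issued token verifies; the same token with the
// user id edited client-side (tag left unchanged) does not.
$token = issue_token(42, COOKIE_KEY);
[$p, $m] = explode('.', rawurldecode($token));
$edited = str_replace('"uid":42', '"uid":2', base64_decode($p));
$tampered = rawurlencode(base64_encode($edited) . '.' . $m);
var_dump(verify_token($token, COOKIE_KEY) !== null);
var_dump(verify_token($tampered, COOKIE_KEY) !== null);
```

The MAC is checked before `json_decode` runs, so client-supplied bytes are never parsed unless they were produced by the server; the same ordering matters even more if the payload format is PHP `serialize()`.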