GBATemp Account Exploit

Discussion in 'General Off-Topic Chat' started by DavidRO99, Oct 23, 2016.

Thread Status:
Not open for further replies.
  1. DavidRO99
    OP

    DavidRO99 Average Ryzen user.

    Member
    975
    280
    Jun 11, 2016
    Korea, North
    your back-door
    I think the admins should look into this, so for debugging I made a tutorial!
    I hope this is possible to fix by using some type of blocker, as I don't want to see somebody's account get stolen by them not knowing what they are doing with their cookies.
    This is possible using cookies so... here is how to do it!
    • Step 1. Install EditThisCookie for Chrome
    • Step 2. Go to GBATemp and click on the cookie
    • Step 3. Click export and sign out of your account
    • Step 4. Click back on the cookie and then on the Trash until there is no cookie left
    • Step 5. Click on the Import icon
    • Step 6. Paste the cookie you just copied and click on the checkmark
    • Step 7. Refresh the page.
    • Step 8. Be amazed at how this works on Netflix as well
     
    Tomato Hentai and McWhiters9511 like this.
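The steps in the post above replay a copied session cookie after signing out, which only succeeds if the server still accepts that cookie's value once the user has logged out. The sketch below is an added example, not part of the thread and not GBAtemp's or its forum software's code; `SessionStore`, the cookie name `session` and the user `alice` are hypothetical. It shows server-side revocation on logout together with restrictive cookie attributes.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie


class SessionStore:
    """Hypothetical server-side session table, keyed by a hash of the token."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}  # sha256(token) -> (user, expiry timestamp)

    @staticmethod
    def _key(token):
        # Store only a hash, so a leaked table does not yield usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable random identifier
        self._sessions[self._key(token)] = (user, now + self.ttl)
        return token

    def lookup(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(self._key(token))
        if entry is None or entry[1] <= now:
            return None  # unknown, revoked or expired
        return entry[0]

    def logout(self, token):
        # Revoke on the server; deleting the browser's copy is not enough.
        self._sessions.pop(self._key(token), None)


def session_cookie_header(token):
    """Set-Cookie value with attributes that limit where the cookie travels."""
    c = SimpleCookie()
    c["session"] = token
    for attr, value in (("httponly", True), ("secure", True),
                        ("samesite", "Lax"), ("path", "/")):
        c["session"][attr] = value
    return c["session"].OutputString()


def replay_after_logout():
    """Constructed scenario: export the cookie value, log out, present it again."""
    store = SessionStore()
    token = store.login("alice")
    exported = token  # the copy made by the "export" step
    before = store.lookup(exported)
    store.logout(token)
    return before, store.lookup(exported)
```

`HttpOnly` keeps page scripts from reading the cookie, but it does not affect a copy taken from the browser's own cookie store, which is why the revocation has to happen on the server.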


  2. VinsCool

    VinsCool Delusional

    Member
    GBAtemp Patron
    VinsCool is a Patron of GBAtemp and is helping us stay independent!
    11,687
    27,667
    Jan 7, 2014
    Canada
    End of Time
    What is this supposed to do, exactly?
     
  3. DavidRO99
    OP

    DavidRO99 Average Ryzen user.

    Member
    975
    280
    Jun 11, 2016
    Korea, North
    your back-door
    Show how somebody can steal somebody else's cookie and log into their account with it
     
  4. SomeGamer

    SomeGamer GBAtemp Guru

    Member
    5,750
    2,703
    Dec 19, 2014
    Hungary
    Be a rebel, log in without using the button designed for this exact purpose.
     
  5. VinsCool

    VinsCool Delusional

    Member
    11,687
    27,667
    Jan 7, 2014
    Canada
    End of Time
    Seriously? I think this is a serious technical issue admins should know about.
     
    Alkéryn and hobbledehoy899 like this.
  6. DavidRO99
    OP

    DavidRO99 Average Ryzen user.

    Member
    975
    280
    Jun 11, 2016
    Korea, North
    your back-door
    I know, and I know there is a way to fix it because it doesn't work on Gmail. I just don't know how
     
  7. Luckkill4u

    Luckkill4u 4 guys in a car ( ͡° ͜ʖ ͡°)

    Member
    996
    527
    Jul 13, 2008
    Canada
    Insomnia
    Someone will have to get access to your cookies/computer first.
     
  8. Boogieboo6

    Boogieboo6 @realDonaldTrump

    Member
    942
    1,275
    Jul 30, 2015
    United States
    But how'd you find this? Were you trying to hack GBATemp?? :creep:
     
    RevPokemon, Voxel and AlanJohn like this.
  9. DavidRO99
    OP

    DavidRO99 Average Ryzen user.

    Member
    975
    280
    Jun 11, 2016
    Korea, North
    your back-door
    Really easy with SQL Injection/Phishing

    — Posts automatically merged - Please don't double post! —

    Nah, just trying to get into Netflix without owning an account (and I succeeded xD) so I decided to try this with GBATemp
     
    ThePanchamBros likes this.
  10. AlanJohn

    AlanJohn くたばれ

    Member
    3,456
    2,928
    Jan 6, 2011
    Canada,New Jersey
    Thank you for pointing this out. From now on, I will use GBAtemp in incognito mode only.
    Can't let my mom check out my PMs! ;O;
     
    jDSX, nxwing, Returnofganon and 5 others like this.
  11. Darkyose

    Darkyose Mysterious

    Member
    792
    1,542
    Jan 26, 2016
    United States
    Home Alone Somewhere.
    I thought this was an alternate browserhax for 3ds...
     
    Ricken and gnmmarechal like this.
  12. evandixon

    evandixon PMD Researcher

    Member
    1,665
    786
    May 29, 2009
    United States
    This is how the internet works. There's nothing the admins can do besides redefining how every website ever functions.
     
    cearp and astronautlevel like this.
  13. DavidRO99
    OP

    DavidRO99 Average Ryzen user.

    Member
    975
    280
    Jun 11, 2016
    Korea, North
    your back-door
    Maybe what steam does? A verification system?
     
  14. Luckkill4u

    Luckkill4u 4 guys in a car ( ͡° ͜ʖ ͡°)

    Member
    996
    527
    Jul 13, 2008
    Canada
    Insomnia
    Lol you think it's "easy"
     
    astronautlevel likes this.
  15. DavidRO99
    OP

    DavidRO99 Average Ryzen user.

    Member
    975
    280
    Jun 11, 2016
    Korea, North
    your back-door
    It is easy.... there are plenty of tutorials about doing it with just an image for example. All you need is a vulnerable site.
     
  16. gnmmarechal

    gnmmarechal Kirigiri > Naoto

    Member
    GBAtemp Patron
    gnmmarechal is a Patron of GBAtemp and is helping us stay independent!
    4,530
    2,711
    Jul 13, 2014
    Portugal
    https://gs2012.xyz
    Two Factor Authentication? That could be implemented, I assume, but that can be annoying.
     
  17. Luckkill4u

    Luckkill4u 4 guys in a car ( ͡° ͜ʖ ͡°)

    Member
    996
    527
    Jul 13, 2008
    Canada
    Insomnia
    Phishing maybe if the user is stupid but SQLi is not easy, even if the vulnerabilities are there...
     
    TotalInsanity4 and VinLark like this.
  18. Tenshi_Okami

    Tenshi_Okami GBAtemp Maniac

    Member
    1,376
    564
    Nov 3, 2015
    Puerto Rico
    Why post the process tho, now people can use it to rob the accounts ;-;

    You should have just sent it in a PM to mods...
     
  19. DavidRO99
    OP

    DavidRO99 Average Ryzen user.

    Member
    975
    280
    Jun 11, 2016
    Korea, North
    your back-door
    Still, it is more secure than just letting people play with your account
     
  20. astronautlevel

    astronautlevel Trying to Find My Way

    Member
    4,025
    4,962
    Jan 26, 2016
    United States
    That Nightly Site™
    I highly doubt Temp is vulnerable to SQL injection. Phishing could also be used to get a password directly; there's no reason people would go out of the way to get the cookie instead.

    Also, basically what @UniqueGeek said. There's no easy way around this because of how cookies work.
     
    TotalInsanity4 and gnmmarechal like this.