GBATemp Account Exploit

DavidRO99 · Oct 23, 2016

Tenshi_Okami said:
Why post the proccess tho, now people can use it to rob the accounts ;-;

you should had just sent it in a PM to mods...

First, somebody would have to get access to the actual cookies of a person

gnmmarechal · Oct 23, 2016

Luckkill4u said:
Lol you think its "easy"

It's not really that hard, phishing. I once made a phishing site just to test it out. It was using Minecraft's website. I literally just downloaded the site and uploaded it to a server, then changed the login function to just print the data to a file. lol. It was easy. I took it down shortly after, but apparently someone found it and tried to login. lmao.

Joe88 · Oct 23, 2016

this isnt new, even sites like amazon are vulnerable
theres even an android app that will session hijack (you just have to be on the same internet connection as them)

gnmmarechal · Oct 23, 2016

astronautlevel said:
I highly doubt Temp is vulnerable to SQL injection. Phising could also be used to get a password directly, there's no reason people would go out of the way to get the cookie instead.

Also, basically what @UniqueGeek said. There's no easy way around this because of how cookies work.

this.

Tenshi_Okami · Oct 23, 2016

DavidRO99 said:
First, somebody would have to get access to the actual cookies of a person

True true, totally forgot about that lol sorry.

gnmmarechal · Oct 23, 2016

DavidRO99 said:
Still, it is more secure than just letting people play with your account

Hell, I only use 2FA for Steam (cuz trades and market and all) and for the bank-related stuff. GBATemp is important, but I'm not important enough that anyone will bother hijacking my account just to piss me off soooo ya

Luckkill4u · Oct 23, 2016

gnmmarechal said:
It's not really that hard, phishing. I once made a phishing site just to test it out. It was using Minecraft's website. I literally just downloaded the site and uploaded it to a server, then changed the login function to just print the data to a file. lol. It was easy. I took it down shortly after, but apparently someone found it and tried to login. lmao.

I was talking more about SQLi, Phishing is easy but also easy to spot.

migles · Oct 23, 2016

can't this be used on almost every fucking site that auto logins?
i mean, how else the auto login system works?, a cookie is deposited on your computer, the website reads it and aknoledges that it's you
cookies guarantees that autologin works even if you change your ip or country..

if you have the cookie, that means it's you...
there is only 2 ways i can think to prevent this, get rid of autologin or when user logs out (by using the logout) that cookie is discarted and you need to login again

Bubsy Bobcat · Oct 23, 2016

What would people want to do with someone's GBAtemp account anyway? I mean there's really nothing they would be able to get out of it.

SomeGamer · Oct 23, 2016

Bubsy Bobcat said:
What would people want to do with someone's GBAtemp account anyway? I mean there's really nothing they would be able to get out of it.

PMs ( ͡° ͜ʖ ͡°)

DavidRO99 · Oct 23, 2016

Bubsy Bobcat said:
What would people want to do with someone's GBAtemp account anyway? I mean there's really nothing they would be able to get out of it.

Maybe destroy their reputation? Get them banned? Idk. I just felt like this needed to be pointed out.

gnmmarechal · Oct 23, 2016

Bubsy Bobcat said:
What would people want to do with someone's GBAtemp account anyway? I mean there's really nothing they would be able to get out of it.

gotta get them users banned by posting on their behalf

astronautlevel · Oct 23, 2016

DavidRO99 said:
Maybe destroy their reputation? Get them banned? Idk. I just felt like this needed to be pointed out.

It should be common knowledge how cookies work.

Viri · Oct 23, 2016

pls nobody steal my account with a lot of warnings, i value it too much

SomeGamer · Oct 23, 2016

Viri said:
lot of warnings

=!

Viri said:
value it too much

Deleted User · Oct 23, 2016

exploit

Can be used on almost every site with almost no results but you logging into your own account

DavidRO99 · Oct 23, 2016

VinLark said:
exploit

Can be used on almost every site with almost no results but you logging into your own account

If you get someones cookies you can actually log into their account

Deleted User · Oct 23, 2016

DavidRO99 said:
If you get someone's cookies you can actually log into their account

And how would you get somebody';s cookies? If it is as simple as running a script or a chrome extention, sure that might be a problem. But it isn't a prblem when you have to be on the network or have to know the email. It's kinda a non-problem at that point.

osm70 · Oct 23, 2016

Bubsy Bobcat said:
What would people want to do with someone's GBAtemp account anyway? I mean there's really nothing they would be able to get out of it.

I dare you. Say your password here.

Chary · Oct 23, 2016

gnmmarechal said:
Two Factor Authentication? That could be implemented, I assume, but that can be annoying.

As much as I love GBAtemp, I'd rather be hacked than give out my phone number. After hearing the rash of account bans on PSN, I added 2FA to my PS4, and suddenly I'm getting all sorts of weird spam calls. I only call three people on my phone, so it's weird that out of the blue, my number seems to be so find-able. I don't trust that sort of thing.

GBATemp Account Exploit

Average Ryzen user.

Well-Known Member

[λ]

Well-Known Member

Well-Known Member

Well-Known Member

4 guys in a car ( ͡° ͜ʖ ͡°)

All my gbatemp friends are now mods, except for me

funny rabbit

Well-Known Member

Average Ryzen user.

Well-Known Member

Well-Known Member

Well-Known Member

Well-Known Member

Deleted User

Guest

Average Ryzen user.

Deleted User

Guest

Well-Known Member

Never sleeps

Similar threads

Popular threads in this forum