GBATemp Account Exploit

  • Thread starter: DavidRO99
  • Views: 6,208
  • Replies: 67
  • Likes: 2
Status: Not open for further replies.
SQL Injection or just Phishing

You're not doing an SQL injection though, or even phishing

All you're doing here is backing up your cookie and restoring it; as far as GBA Temp is concerned you never logged out.

I could be logged in to GBA Temp, format my PC, restore a backup and still be logged in.
 
> You're not doing an SQL injection though, or even phishing
>
> All you're doing here is backing up your cookie and restoring it; as far as GBA Temp is concerned you never logged out.
>
> I could be logged in to GBA Temp, format my PC, restore a backup and still be logged in.

This is actually cookie manipulation, but to get someone's cookie you have to A) have a trojan on their PC, B) SQL injection on a vuln site, C) phishing
 
> This is actually cookie manipulation, but to get someone's cookie you have to A) have a trojan on their PC, B) SQL injection on a vuln site, C) phishing

Exactly, which means it's not an issue with GBA Temp or XenForo as you haven't done any of what you just mentioned.
 
I think the admins should look into this so for debugging I made a tutorial!
I hope this is possible to fix by using some type of blocker, as I don't want to see somebody's account get stolen by them not knowing what they are doing with their cookies.
This is possible using cookies so... here is how to do it!
  • Step 1. Install EditThisCookie for Chrome
  • Step 2. Go to GBATemp and click on the cookie
  • Step 3. Click export and sign out of your account
  • Step 4. Click back on the cookie and then on the Trash until there is no cookie left
  • Step 5. Click on the Import icon
  • Step 6. Paste the cookie you just copied and click on the checkmark
  • Step 7. Refresh the page.
  • Step 8. Be amazed at how this works on Netflix as well
Uhm... This is not hacking. It just means GBATemp (and a lot of other sites) don't fully end their sessions. This is basically not a big deal; the only way this could be a problem is if someone stole your cookie (noting it changes from time to time so it won't work forever). This does bring up a serious issue with GBATemp, and that is that in a local network you share with other people, like work, school or public wifi, you might be vulnerable to a MITM attack. And because GBATemp STILL doesn't use SSL, your cookies could be stolen in those cases.

But I'm honestly amazed this was even thread worthy, it's basically how websites work.

--------------------- MERGED ---------------------------

> This is actually cookie manipulation, but to get someone's cookie you have to A) have a trojan on their PC, B) SQL injection on a vuln site, C) phishing

Or just a local network attacker who is MITM. Or even more fun: for stupid users who use web proxies for some reason, there could be a PITM (proxy in the middle).
 
It's like saying:
  • You verified your identity with the bouncer, and were given a nametag as proof
  • You went inside the place with the nametag
  • You took out the nametag while you were still inside, so now the place no longer "knows" who you are, but you never threw away your nametag
  • You put the nametag back on
  • The place now recognizes who you are again
  • hax!
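
The two points raised in this thread (a cookie exported before signing out still working after re-import, and cookies travelling without SSL), as an added Python example that is not part of any post and not GBATemp or XenForo code. `SessionStore`, `replay_after_logout`, `session_cookie_header`, the cookie name `session` and the user `alice` are hypothetical.

```python
import secrets
from http.cookies import SimpleCookie


class SessionStore:
    """Minimal server-side session table: cookie token -> username."""

    def __init__(self, revoke_on_logout):
        self.revoke_on_logout = revoke_on_logout
        self.sessions = {}

    def login(self, username):
        token = secrets.token_urlsafe(32)  # unguessable session id
        self.sessions[token] = username
        return token                       # value the browser stores as its cookie

    def logout(self, token):
        # The browser deletes its copy of the cookie in both designs.
        # Only a server-side revocation makes an exported copy worthless.
        if self.revoke_on_logout:
            self.sessions.pop(token, None)

    def whoami(self, token):
        return self.sessions.get(token)    # None means "not logged in"


def replay_after_logout(store):
    """Export the cookie, sign out, re-import the cookie, ask who we are."""
    token = store.login("alice")           # constructed sample user
    exported = token                       # copy taken before signing out
    store.logout(token)
    return store.whoami(exported)


def session_cookie_header(token):
    """Cookie attributes that keep the token off plain HTTP and out of page scripts."""
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["path"] = "/"
    cookie["session"]["secure"] = True     # only sent over HTTPS
    cookie["session"]["httponly"] = True   # not readable from JavaScript
    cookie["session"]["samesite"] = "Lax"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    print("logout only clears the browser:", replay_after_logout(SessionStore(False)))
    print("logout revokes on the server:  ", replay_after_logout(SessionStore(True)))
    print("Set-Cookie:", session_cookie_header("constructed-sample-token"))
```

The `Secure` attribute only helps when the site is served over HTTPS in the first place.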
 