Toggle sidebar

GBATemp Account Exploit

  • Thread starter Thread starter DavidRO99
  • Start date Start date
  • Views Views 6,208
  • Replies Replies 67
  • Likes Likes 2
Status
Not open for further replies.
Luckkill4u said:
Lol you think its "easy"
Click to expand...
It's not really that hard, phishing. I once made a phishing site just to test it out. It was using Minecraft's website. I literally just downloaded the site and uploaded it to a server, then changed the login function to just print the data to a file. lol. It was easy. I took it down shortly after, but apparently someone found it and tried to login. lmao.
 
this isnt new, even sites like amazon are vulnerable
theres even an android app that will session hijack (you just have to be on the same internet connection as them)
 
Last edited by Joe88,
  • Like
Reactions: astronautlevel
astronautlevel said:
I highly doubt Temp is vulnerable to SQL injection. Phising could also be used to get a password directly, there's no reason people would go out of the way to get the cookie instead.

Also, basically what @UniqueGeek said. There's no easy way around this because of how cookies work.
Click to expand...
this.
 
DavidRO99 said:
Still, it is more secure than just letting people play with your account
Click to expand...
Hell, I only use 2FA for Steam (cuz trades and market and all) and for the bank-related stuff. GBATemp is important, but I'm not important enough that anyone will bother hijacking my account just to piss me off soooo ya
 
  • Like
Reactions: Deleted User
gnmmarechal said:
It's not really that hard, phishing. I once made a phishing site just to test it out. It was using Minecraft's website. I literally just downloaded the site and uploaded it to a server, then changed the login function to just print the data to a file. lol. It was easy. I took it down shortly after, but apparently someone found it and tried to login. lmao.
Click to expand...
I was talking more about SQLi, Phishing is easy but also easy to spot.
 
can't this be used on almost every fucking site that auto logins?
i mean, how else the auto login system works?, a cookie is deposited on your computer, the website reads it and aknoledges that it's you
cookies guarantees that autologin works even if you change your ip or country..

if you have the cookie, that means it's you...
there is only 2 ways i can think to prevent this, get rid of autologin or when user logs out (by using the logout) that cookie is discarted and you need to login again
 
  • Like
Reactions: raulpica, Deleted User, astronautlevel and 1 other person
DavidRO99 said:
If you get someone's cookies you can actually log into their account
Click to expand...
And how would you get somebody';s cookies? If it is as simple as running a script or a chrome extention, sure that might be a problem. But it isn't a prblem when you have to be on the network or have to know the email. It's kinda a non-problem at that point.
 
gnmmarechal said:
Two Factor Authentication? That could be implemented, I assume, but that can be annoying.
Click to expand...
As much as I love GBAtemp, I'd rather be hacked than give out my phone number. After hearing the rash of account bans on PSN, I added 2FA to my PS4, and suddenly I'm getting all sorts of weird spam calls. I only call three people on my phone, so it's weird that out of the blue, my number seems to be so find-able. I don't trust that sort of thing.
 
  • Like
Reactions: Deleted User, dimmidice, gnmmarechal and 2 others
Status
Not open for further replies.

Site & Scene News

Go to forum More news

Popular threads in this forum

My mother passed away

Jimmy Kimmel Live and The Big Bang Theory . do you really find it funny

Anybody using Google Chrome? Watch out!

Retro gaming is back and stronger than ever

Do we think AI and robots will take over?

Random facts

Hardware  Dashcam recommendations?

What projects are we all working on?