Comments
thread: The Site
Solution to above: Use $_SESSION instead of $_COOKIE.
Actually, using PHP sessions still sets a phpsessid cookie, and copying that is still all that is needed to take over a session/log in as someone else. No matter what method you use for session identification, it can be vulnerable to anyone with the ability to MITM a connection, which is why there is such a push towards HTTPS nowadays.
thread: The Site
Some other things I just found:
- There exists an XSS when posting images, this is kinda critical, can be used to execute any JavaScript I desire
- Liking posts and logging out don't carry a CSRF token so I can force-log people out or make them like any post.
- There is no sanity checking on the thread ID that you post replies to so there is a hidden thread in which I (among others) tested/discovered these. Given said thread probably has some dangerous JS running around now I won't post it publicly, but hit me up in IRC for further details (I'm in the channel at the moment).
About Cameron_D