Re: auto-login hacked files for XOOPS 2.0.9.2
Target | Downloads
Subject | auto-login hacked files for XOOPS 2.0.9.3
Summary | == AUTO-LOGIN V2 (REMEMBER ME) hacked files for XOOPS 2.0.9.x == Security fix: overwrite include/checklogin.php and include/common.php again. Hacked core files to be able to login autom...
msg# 1
dasdan
From: Belgium / Ghent
Posts: 4
This hack stores the password as an MD5 hash on the client, but this is vulnerable to dictionary attacks, and simple copying to another computer.
This hack is a potential security hole, don't enable it lightly.
I was thinking: client logs in, server creates a unique random ID and stores it in the DB, sends it back to the client and stores it in a cookie. Next page visit, server checks the unique ID; if match -> generates a new ID, else user needs to log in again (possibly hacked).
msg# 1.1
Hi dasdan.
It sounds like a good idea.
As long as the recent cookie is stolen, an attacker cannot log in successfully.
But some users who use 2 or more browsers (e.g. in Office & Home) can't log in automatically anymore.
After my current work is over, I'll consider it.
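The rotating-ID scheme proposed in msg# 1, sketched as an added example that is not part of the thread or of the XOOPS hack files. It goes one step beyond the proposal by giving each browser its own series ID, so the two-browser case raised in msg# 1.1 keeps working. The class name, the in-memory `$store` standing in for a DB table, and the `series:token` cookie format are assumptions; it targets PHP 7.4+.

```php
<?php
// Added illustration: rotating remember-me tokens, one series per browser.
// $store stands in for a DB table keyed by series id (hypothetical layout).
final class RememberMe
{
    private array $store = [];   // series => ['uid' => int, 'hash' => sha256(token)]

    // Called after a successful password login; returns the cookie value.
    public function issue(int $uid): string
    {
        return $this->rotate(bin2hex(random_bytes(16)), $uid);
    }

    // Returns [uid, newCookie], or null when the user must log in again.
    public function consume(string $cookie): ?array
    {
        $parts = explode(':', $cookie, 2);
        if (count($parts) !== 2 || !isset($this->store[$parts[0]])) {
            return null;                        // malformed or unknown series
        }
        [$series, $token] = $parts;
        $row = $this->store[$series];
        if (!hash_equals($row['hash'], hash('sha256', $token))) {
            // Known series, stale token: an old cookie was replayed. Revoke all series.
            $this->revokeUser($row['uid']);
            return null;
        }
        return [$row['uid'], $this->rotate($series, $row['uid'])];
    }

    public function revokeUser(int $uid): void
    {
        $this->store = array_filter($this->store, fn($r) => $r['uid'] !== $uid);
    }
    private function rotate(string $series, int $uid): string
    {
        $token = bin2hex(random_bytes(32));
        // Store only the hash, so a leaked table does not yield usable cookies.
        $this->store[$series] = ['uid' => $uid, 'hash' => hash('sha256', $token)];
        return $series . ':' . $token;
    }
}
// Constructed walk-through: two browsers of user 7, then a replayed cookie.
$rm = new RememberMe();
[$office, $home] = [$rm->issue(7), $rm->issue(7)];
[, $office2] = $rm->consume($office);   // office browser rotates its token
var_dump($rm->consume($home) !== null); // home has its own series
var_dump($rm->consume($office));        // replay of the pre-rotation cookie
var_dump($rm->consume($office2));       // the rotated cookie after revocation
```

Unlike the MD5-of-password cookie, nothing derived from the password leaves the server, and a copied cookie stops working as soon as either party uses it.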