tranceaddict hackable ? FAO TA Admin.

TranceAddict Forums (www.tranceaddict.com/forums)
- Chill Out Room
-- tranceaddict hackable ? FAO TA Admin.

Posted by Rostros on Mar-14-2002 13:31:

tranceaddict hackable ? FAO TA Admin.

I was not sure where to post this information on the forums but, I have been playing around with the site to look for its week points, don't worry i ain't done anything but I have seen a big hole in your security on the Forums. take a look at this

Edited by Blik

Posted by AndiH on Mar-14-2002 14:18:

wow...you seem to be a |33t hacker

vbulletin cannot be hacked the way you described it...(feel free to hack my account...)

Posted by Blik on Mar-14-2002 15:11:

PM Swamper and don't post it in public on the board dude, I thought you would be smarter than that!!

closed

Posted by Swamper on Mar-14-2002 18:18:

haha

Well Blik told me what you said.

Here's some insight:

The s=xxxxxxxxxxxxxxxxxx session ID that is present in the URL links your IP, browser version/type, and time into an algorithm and pumps out that string - now in order for you to see or access something someone else is seeing you have to have that session ID and match all of the other variables.

You're not a hacker m8, don't waste your time on here, I do network security in my spare time...

besides, even if you did find a real exploit there are ways to report it - www.vbulletin.com for one, or feedback/PM to me

What you did is sort of like putting a sign on somebody's lawn saying that they left their keys in their front door but you're not sure if it's the right key but you just wanted to let them know. (i.e. putting a message in their mailbox would've sufficed)