
LOL here is your thief

edited May 2012 in General
Careful with these links he can reactivate the script at any time.

massive.web44.net/screenshot.jpg
massive.web44.net/screenshot.gif
massive.web44.net/logfile.txt

Sorry I blew off the jpg. Someone is stealing your cookies. If you looked at this site, log out of SK ASAP. Change your password when you get back in.

Comments

  • edited May 2012
    It's proof that it is a cookie stealer. Do not click on those links while signed into sk they are all active. Only click those if you know what the hell you're doing.

    http://hellofhackerz.forumotion.com/t172-hack-any-a-c-id-by-cookies-stealer-easily

    Pretty much all you need to do is read this website and download Live HTTP Headers for Firefox to replay the cookies. Then it's money.
  • edited May 2012
    Think he's playing with it now. Yes it only applies to the browser you are using.
  • edited May 2012
    It's a really old exploit that defies belief if it isn't patched in this forum, but everyone clicked that jpg? I clicked all of those links with .jpg .gif and even .txt they all went to the same picture. Either I had an LSD flashback or that's the problem.
  • Seems as if FC is behind this.
  • edited May 2012
    Don't turn this into a troll thread yet. BCart needs to patch that or they'll keep doing it. Probably has to disable something.
  • So who posted them originally?
  • Cheater_Hunter
  • It affects the browser you are using. What exactly does it affect within that browser? Does it gain access to all your cookies, or just the ones you are using at that time, or does it only affect the SK cookie?

    That it affects the browser you are using isn't very reassuring. I mean, I sometimes have 10-15 tabs open with all kinds of business.
  • The links should be disabled...I just clicked it...
  • Wait a second. Do those links steal sk cookies only or should I be concerned with other online passwords?
  • Shut the fuck up amog. I want the question answered. I have sensitive information loaded on my browser and if someone has that info I need to know.

    Dank, does someone have access to my bank account?
    Your bank is safe. It's your others that you should be cautious about, such as Gmail, FB, Twitter (if you are gay enough to use it).
  • pospos
    edited May 2012
    I've looked into this a little bit.

    It doesn't appear that the starkingdoms cookie stores any of your account information like passwords or emails. It only stores your session id. (Which to be fully secure should always compare with something in the database etc. - isn't happening here if this is true.) (Check your own cookies if you don't believe me - if you are using Chrome then when in game: right click -> Inspect Element -> Resources tab -> click the Cookies link and then www.starkingdoms.com. Other browsers I wouldn't have an idea.)

    If this whole thing is true then I'm assuming that the person is using your session information to access accounts. (Uses your session = website thinks he is you.)

    So I don't think passwords are at risk, but it depends on a few more things we don't know. If you are concerned then change your password.

    Also, as far as I know, your other website cookies shouldn't have been taken. Web browsers would consider that a huge xml vulnerability if it was possible. The only cookies this type of vulnerability takes are those from the website it's hotlinked from.

    Think of this vulnerability as being similar to those facebook like links you see everywhere. They work in the same way except it uses your cookie to initiate a like on facebook.
    Yeah I had thought so. But wasn't sure.
  • edited May 2012
    The guy disabled the script shortly after I made the thread. So I just left those 3 links up for the Cart to see what transpired. It steals your most current session info. He can't get into your bank info, no worries. It works for the server you're targeting only because he knows you're on SK. Kind of hit or miss. He didn't get every person to click the link. Also probably didn't have full access to your kingdom, but a few things worked, like suiciding probes. Probably desired to suicide you all but couldn't.
  • my understanding is he is sending people links on AIM that do the same thing
  • He could potentially hide these in pictures, and many other places. Until BCart patches the forum don't click any links or pics. I wouldn't even click on a youtube link. When the dust settles our youtube fun is likely over along with inserting html into the pages. All we'll be left with is a butt ugly forum.
    Could he insert them into the PF avatar pictures? So whenever we see his post we get it.
  • @BcartFall
    If only it was that easy to get him to fix stuff haha
  • edited May 2012
    He can't really do it to his avatar; it has to be a spoofed link. Your avatar has to be uploaded to the server. He could do it with a banner in a sig, but BCart had already disabled that option. What happened is BCart tried to give us more functionality and cool things like YouTube links and the ability to insert HTML. In the process it opened the site up to this vulnerability.
  • Didn't this happen on the old forums too?
  • My bad guys I won't do it again.
  • edited May 2012
    Yes, this is a very old exploit. This is the reason external links were removed from avatars, banners, and in the forums signatures were removed. He had corrected this problem. I suspected it might be active in Vanilla forums but I didn't have a desire to hack you guys. It was only a matter of time before somebody else tried.

    So here is what I'm wondering. Somebody DDoSed Kesha. Beanland mentioned that it hit him as well. Now we have somebody hacking users from the forum. I also saw Kesha mention that his bot wasn't creating all of these accounts to fill up 8 galaxies. I'd like to know if that is true and if we have some competition on the server now. This is one of the things I was warning about. When Kesha is over here building a giant bot, the only competition is another bot. We might have a new hacker on the scene that wants to throw down a challenge to his reign.

    If so welcome aboard whoever you are. Sorry to rain on your parade but you hit Darubian and Lews who are homies. Otherwise I wouldn't have said a thing. ;)
  • Lynog is running the other bot.
  • I for one welcome our new scouse overlords.
  • kesha vs mysterious person?
  • All lynog did was talk about how he wanted someone to make a bot that would make farm KD's to keep SK alive. He even would say he would make it himself sometime. If it isn't him it's someone close to him.
  • Wasn't just lynog, there was like forty of us who said it would be a fantastic idea :-p
    I say that cause lynog is too computer-stupid to make a bot himself, could be any number of people that was in [Scallywags] or even someone who had the idea beforehand.

    Either way, queer made me spend 2 robs on rebuilding. I would like compensation in the form of a max bank.
  • This was many rounds before scally. I see what you are saying though and it could be a variety of people but again who would actually waste their time on it?
  • I just mean that big collective conversation happened, then the next round it appeared. Of course it was discussed earlier. As for who, dunno but i dont much care. I thank them :D