- Posts: 49
- Thank you received: 0
Google Cookies?
17 years 2 months ago #23493
by cyberoidx
Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
Google Cookies? was created by cyberoidx
My google cookie just got stolen
(Cant believe how EASY it is to exploit the cookies using orkut.com just run a stuid J/S code for doc.cookie, use a cookie switcher and access is granted)
I've switched passwords and done eerything under the sun, but the guy yet has access.
So i wanted to know how long does it take for the google cookie to expire (i've heard reports of "till 2023" / 2 years / and two weeks
Can someone tell me which one is the valid one?
(Cant believe how EASY it is to exploit the cookies using orkut.com just run a stuid J/S code for doc.cookie, use a cookie switcher and access is granted)
I've switched passwords and done eerything under the sun, but the guy yet has access.
So i wanted to know how long does it take for the google cookie to expire (i've heard reports of "till 2023" / 2 years / and two weeks
Can someone tell me which one is the valid one?
Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
17 years 2 months ago #23497
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Google Cookies?
Hi there,
Whats the cookie used for and how did you spot that its been compromised (just interested) ?
I will do some enquiries on how to expire it.
Cheers
Whats the cookie used for and how did you spot that its been compromised (just interested) ?
I will do some enquiries on how to expire it.
Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 2 months ago #23498
by cyberoidx
Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
Replied by cyberoidx on topic Re: Google Cookies?
Well, when you are using orkut, just use the document.cookie syntax to get the cookie. After this aarently there are many Programs that allow you to take your cookie and switch the art that is required.
I have chnaged my password 3 or 4 times, but the Person yet has acccess.. the only thing i can do is expect the best, and wait for 2 weeks, which the google login page specifies as the time out Period.
I found that manik29.lenhost.info/ has PHP pages that steal the code and store them in some database.
I have chnaged my password 3 or 4 times, but the Person yet has acccess.. the only thing i can do is expect the best, and wait for 2 weeks, which the google login page specifies as the time out Period.
I found that manik29.lenhost.info/ has PHP pages that steal the code and store them in some database.
Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
17 years 2 months ago #23499
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Google Cookies?
How do you know that the person has access ? It seems like a bit of a security hole if you can change your password and the cookie stil doesn't pick up this fact.
You say you executed a script which allowed this person to gain access to the cookie ?
You say you executed a script which allowed this person to gain access to the cookie ?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 2 months ago #23500
by cyberoidx
Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
Replied by cyberoidx on topic Re: Google Cookies?
The page had a javascipt that was executed to pickup the cookie.
I know that usually changing the password should fix the problems. But its not working in this case I've changed it 4 times already.
Pretty sure no keyloggers on my system... ran ProcessXP and autoruns to doublecheck.
I know that usually changing the password should fix the problems. But its not working in this case I've changed it 4 times already.
Pretty sure no keyloggers on my system... ran ProcessXP and autoruns to doublecheck.
Surya Sharma
www.Technodrome.info
AR3 Y0U T3CH ENOUGH FOR IT?
17 years 2 months ago #23501
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Google Cookies?
Not 100% sure how you know that changing the password hasn't worked ? Do you mean that its not reprompting for the password after you changed it or the cookie hasn't changed.
I can see how you know that the cookie has been compromised if there javascript executed but how do you know access can still be gained now you have changed the password ?
I can see how you know that the cookie has been compromised if there javascript executed but how do you know access can still be gained now you have changed the password ?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Time to create page: 0.133 seconds