www.parahead.com


Postby Parahead » Sun Mar 21, 2004 11:08 am

kriko wrote: Perhaps the link won't work on another computer. I tried opening the refer link in Internet Explorer and that logged me on there. While I visit this site only with Firebird. Therefore there was no pre-set login in IE for these forums and that url must have made me log in there too. From that I assumed that the link was kind of a security breach in a way.
Well, OK, maybe it is a breach then??? But then I would say it is phpBB that must take care of that. That I presented the link is one thing (which I now have removed) but worse than that is that *any* external link from the forum is a threat then and could be used by the person that "owns" that link to hijack your current session?
Yes, I am still around...
www.parahead.com/coranto/
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden

Postby faithless » Sun Mar 21, 2004 3:02 pm

Session ids are usually coupled with user-agent keys and user ips to check if the user is who he claims to be.

If phpBB fails to even prevent such simple hijacking, then I must say, it is a very very poorly written script. :x
faithless
 
Posts: 1335
Joined: Wed Oct 16, 2002 4:17 pm
Location: Infront of the Computer

Postby faithless » Sun Mar 21, 2004 3:03 pm

Parahead: Where did the head go!?! I want the head!!! :lol:
faithless
 
Posts: 1335
Joined: Wed Oct 16, 2002 4:17 pm
Location: Infront of the Computer

Postby kriko » Sun Mar 21, 2004 4:04 pm

faithless wrote: Session ids are usually coupled with user-agent keys and user ips to check if the user is who he claims to be.

If phpBB fails to even prevent such simple hijacking, then I must say, it is a very very poorly written script. :x

I gave my link to Parahead, he tried it and there was no session created for him. I suppose phpBB checks for IP too, but not for browser.
Kristjan aka. kriko
now a wireless expert
kriko
 
Posts: 3328
Joined: Sat Feb 24, 2007 8:13 pm
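
Added example (not part of the original thread and not phpBB's code): a minimal sketch of the session binding discussed above, comparing an IP-only check, which matches what kriko saw when the same link opened in Internet Explorer on the same machine, with an IP plus User-Agent check. All function names, addresses and User-Agent strings are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import secrets

SESSIONS = {}  # sid -> binding recorded at login (in-memory store for this example)

def _ua_digest(user_agent: str) -> str:
    # Store a digest rather than the raw header value.
    return hashlib.sha256(user_agent.encode("utf-8")).hexdigest()

def _network(ip: str, v4_prefix: int = 24, v6_prefix: int = 64) -> str:
    # Bind to a network prefix so small address changes do not log users out.
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def login(user: str, ip: str, user_agent: str) -> str:
    sid = secrets.token_hex(16)  # unguessable session id
    SESSIONS[sid] = {"user": user, "net": _network(ip), "ua": _ua_digest(user_agent)}
    return sid

def validate(sid: str, ip: str, user_agent: str, check_ua: bool = True):
    """Return the user name if the request matches the session binding, else None."""
    rec = SESSIONS.get(sid)
    if rec is None:
        return None
    if rec["net"] != _network(ip):
        return None  # sid replayed from another network (e.g. leaked via a link)
    if check_ua and not hmac.compare_digest(rec["ua"], _ua_digest(user_agent)):
        return None  # same network, different browser
    return rec["user"]

# Constructed sample values: documentation IP ranges, illustrative UA strings.
FIREBIRD = "Mozilla/5.0 (Windows; U) Gecko/20040206 Firebird/0.8"
IE = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

def demo():
    sid = login("kriko", "192.0.2.10", FIREBIRD)
    return {
        "same_browser": validate(sid, "192.0.2.10", FIREBIRD),
        "other_ip": validate(sid, "198.51.100.7", FIREBIRD),
        "same_ip_ie_ip_only": validate(sid, "192.0.2.10", IE, check_ua=False),
        "same_ip_ie_ip_and_ua": validate(sid, "192.0.2.10", IE),
    }

if __name__ == "__main__":
    print(demo())
```

A site reached through a link also receives the visitor's User-Agent header, so the browser check mainly stops accidental reuse of a session id. Carrying the session id in a cookie instead of the URL keeps it out of the Referer header in the first place.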

Postby Parahead » Sun Mar 21, 2004 4:06 pm

faithless wrote: Session ids are usually coupled with user-agent keys and user ips to check if the user is who he claims to be.

If phpBB fails to even prevent such simple hijacking, then I must say, it is a very very poorly written script. :x
Me and kriko just did a test and I was *not* logged in with his session-id... Didn't think so either, but since the question was raised it needed to be tested... ;-)
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden

Postby Parahead » Sun Mar 21, 2004 4:11 pm

faithless wrote: Parahead: Where did the head go!?! I want the head!!! :lol:
On request: http://www.parahead.com/parahead.html :lol:
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden

Postby faithless » Mon Mar 22, 2004 12:11 am

Parahead wrote:
faithless wrote: Parahead: Where did the head go!?! I want the head!!! :lol:
On request: http://www.parahead.com/parahead.html :lol:


Just an idea to throw around. Why not have that head be the main index.html and then have the link at the bottom that proclaims parahead.com to link to the "main" page? (ie: the current "news" page)
faithless
 
Posts: 1335
Joined: Wed Oct 16, 2002 4:17 pm
Location: Infront of the Computer

Postby Parahead » Mon Mar 22, 2004 7:54 am

faithless wrote: Just an idea to throw around. Why not have that head be the main index.html and then have the link at the bottom that proclaims parahead.com to link to the "main" page? (ie: the current "news" page)
Nah, I am no big fan of sites using an intro-page of some sort...
Parahead
 
Posts: 4837
Joined: Fri Jan 12, 2007 8:54 pm
Location: Stockholm - Sweden
