When I used to play the game two or more years ago we used to have a method of gaining access to accounts if they were logged in on the users computer. Now I'm not asking anyone how to do this as it got patched after a week or two, well alright I am asking how to do it however for research purposes on how to safeguard a web app.

Anyone remember what I'm on about? It wasn't a phisher. The user would click a link and then they'd unknowingly give us some data when we asked them a few questions we'd we would paste into the URL at the top and hey presto, onto the account.


Moderators, feel free to remove the thread with a justified reason via PM considering I've stated my reasons for asking.

The sessionID was stolen I believe. Not sure on anything else but it would send your session.

Yeah that was it, cheers. Mods can delete/close/whatever now.


You must spread some Reputation around before giving it to Wiizzz again.

Ugh.

No rush.

Woah, so that's how I got hacked?
If the user gave you a link, but you didn't click on it, instead you went on it via google, would that still occur?

And someone lied about gaining access to my Facebook account via my cookies, he called it 'cookie spoofing' ;/