Blue sleeping bags given to X's

[Kent]

Just wondering Kent, but is that the same technique a certain Just-one shown you? I've known about a security hole for ages, and I was thinking if you've both been using the same hole.

Just curious, I don't know much about the hole lol.

It was with the Javascript session Id given to each user when they sign/log in. You direct a person to a website and it sends you their javascript session id allowing you to use it on habbo and yours their ID for you to sign into their account. It only worked if the habbo had been logged in for 20 minutes or less or it would time-out (expire).
If they expired you can edit homepage, post comments etc.

For your other question, you can no longer exploit it due to the ID being hidden. It wasn't a fake login, if you directed someone to the site it automatically gave you an ID, they couldn't prevent it.

[Neversoft]

Yes, they were given at the X party.

Mattysoft!? What the...! Thats such a rip off of my name. :evil:

[Ardemax]

Mattysoft!? What the...! Thats such a rip off of my name. :evil:

he's been on habbo for ages
didnt u notice?

[Pyroka]

It was with the Javascript session Id given to each user when they sign/log in. You direct a person to a website and it sends you their javascript session id allowing you to use it on habbo and yours their ID for you to sign into their account. It only worked if the habbo had been logged in for 20 minutes or less or it would time-out (expire).
If they expired you can edit homepage, post comments etc.

For your other question, you can no longer exploit it due to the ID being hidden. It wasn't a fake login, if you directed someone to the site it automatically gave you an ID, they couldn't prevent it.

Ah cheers! Yeah that makes sense. So it wasn't exactly a fake-login but it would display their login ID from the Habbo website by grabbing it through Javascript also? Either way, that sounds very easy to do given the knowhow on obtaining data through Javascript. I'm guessing you'd just grab it through their cookies and use the same code as Habbo does to grab the session ID?

They wouldn't realise at all then would they. Hope thats right lol. Sounds really effective though, and most people have been in Habbo for longer than 20 minutes anyway... Bloody addicts haha.

[JackBuddy]

he's been on habbo for ages
didnt u notice?

he is the most annoying person ever!

[Ardemax]

he is the most annoying person ever!

and a staff suck-up
no doubt about it!!

[Kent]

Ah cheers! Yeah that makes sense. So it wasn't exactly a fake-login but it would display their login ID from the Habbo website by grabbing it through Javascript also? Either way, that sounds very easy to do given the knowhow on obtaining data through Javascript. I'm guessing you'd just grab it through their cookies and use the same code as Habbo does to grab the session ID?

They wouldn't realise at all then would they. Hope thats right lol. Sounds really effective though, and most people have been in Habbo for longer than 20 minutes anyway... Bloody addicts haha.

To be honest it's not amazingly quick to set up as theirs often errors in the 7 page long code which develop, if you find a good hosting site like freehostia for the logged ids to go it's all nice and easy. Can't do it now though

[Jxhn]

I'm sure many would agree a trophy would of been more appropriate!

Lol, you made a good point there.

Imagine you're leaving your job, then your boss gives you a sleeping bag as a retirement present.

[Ardemax]

Lol, you made a good point there.

Imagine you're leaving your job, then your boss gives you a sleeping bag as a retirement present.

the thing is, its not a real real job, its pixelated.

[leahhh]

They got a throphy aswell !