MOD-Zippy hacked!

Kent · 02-06-2007, 03:16 PM

and Heidster used some crap about a new quest starting so habbos security didn't look as crap as it actually is.

~~dannyisnotamazing~~ · 02-06-2007, 03:22 PM

Originally Posted by PenguinFluid

dont go on websites when your on habbo

..only Habbo addicts would do that. "/.

Just to come on the net to use Habbo only, no other sites lmao. :S

Habbo can fix the XSS flaw if they try..

Invent · 02-06-2007, 03:46 PM

Go on Habbo.co.uk, in the address bar paste: javascript:alert(document.cookie);

The "hacker" gets that sent to his email. He can use the JSSessionID to get into your account.

Never · 02-06-2007, 03:54 PM

Originally Posted by Invent

Go on Habbo.co.uk, in the address bar paste: javascript:alert(document.cookie);

The "hacker" gets that sent to his email. He can use the JSSessionID to get into your account.

How's that send it to his email?!

edit: o ya dont matter.

Invent · 02-06-2007, 03:56 PM

Some things in Habbo allow you to specify the data in say an input form by doing "?formname=">+javascript code" or something, lol.

Never · 02-06-2007, 03:57 PM

Oh interesting...

How would Habbo patch this?

Jam · 02-06-2007, 04:14 PM

Originally Posted by Never

Oh interesting...

How would Habbo patch this?

bobba It Knowing Them! Lol, Nice Find.

Niall! · 02-06-2007, 04:39 PM

Originally Posted by Black-Sheak

bobba It Knowing Them! Lol, Nice Find.

LOLOLOL

Im gonna be a little more carefull from now on

But not be a habbo addict and not visit sites lolol

Bill · 02-06-2007, 06:20 PM

Both of those MOD's signed my guestbook.

habbo.co.uk/home/bill

timROGERS · 02-06-2007, 07:17 PM

It's very easy to patch, just filter the input for the GET variables

What I don't know is how the session ID is gonna help them to touch your account.

Thread: MOD-Zippy hacked!

Thread Tools

Posting Permissions