Zero Identity
Username: Password:
[Forgot Password?] [Not Registered?]

Navigation

Navigation
Challenges
Media
Contribute

ZI Store Updates

Zi Store

Link to UsIf you'd like to become an affilate, please Link to Us!




Online Users

Registered Users: 1394
Latest Registration: nixd
Online Users: 7
(0 Members, 7 Guests)

Poll

What should be done with ZI from here on out?
Get the staff to come back and work on it. (18%) [12 Votes]
Shutdown the site. (3%) [2 Votes]
Leave it to rot. (1%) [1 Votes]
Get new staff to work on it. (77%) [51 Votes]

[Poll Archive]

If your shout contains ! in the begining, your links will not be clickable.
If you enter the user's full username, it will be highlighted just for that user.Shoutbox

mrdotkommrdotkom
The Smoking gun.
Avatar

Last Login:
10 year(s) ago
Joined:
04/03/2008 18:51
Experience:
917.83 (03 day(s) ago)
quite the shame my man. Oh well
3l_f3n1x3l_f3n1x
V Fan
Avatar

Last Login:
10 year(s) ago
Joined:
08/05/2008 22:56
Experience:
271.15 (03 day(s) ago)
no one knows... Suddenly it was dead... =(
mrdotkommrdotkom
The Smoking gun.
Avatar

Last Login:
10 year(s) ago
Joined:
04/03/2008 18:51
Experience:
917.83 (03 day(s) ago)
Oh dear. What has happend to my ZI?
[Shoutbox Archive]


Icon Zero Identity Forums - General - Web Security - Tamper Data


Are you bored? Check out the unaswered threads!

w3bw4rr10r
Member


Avatar
Trainee

Joined: 03.01.2009
Last Seen: 10 year(s) ago
Experience: 196.8
Points: 60
#1 Tamper Data on April 23 2009 23:35
There is a flash game that submits POST_DATA to a web server, which then uses PHP to save it in a MySQL table.
Problem is, sometimes I can change the value successfully with TD but sometimes not. I think, it may be due to the session ID or whatever...e.g.
Code Highlighting :: Select Code
score=0%2E000&jst%5Fresultid=703460&jst%5Ftournamentid=5&jst%5Fsessionid=25fca28991b66d815e0f1f058390c404&jst%5Fuserid=140082

I usually edit the number immediately after the score, but a lot of times, it doesn't work. The result ends up being -1, which causes a system error but doesn't get me ranked up...
I'm curious, because the session and result ID are always the same, but could it be in some way tied to the score?
Grindordie
Administrator
Software Engineer

Avatar
ZI Guru

Joined: 04.11.2007
Last Seen: 10 year(s) ago
Experience: 1074.3
Points: 1100
#2 on April 24 2009 01:30
It may use a Token that is only valid once...
Once you resubmit the score using the same token, it updates the score to -1. (Simple prevention to replay attacks)

So, try acting as a man-in-the-middle; modify the data before it's sent originally, or find the token and form your own request.
That's not a bug, that's an unexpected feature

phpFort - light-weight content management system.
vs4vijay
Member
Hacked!!!....

Avatar
Professional Analyst

Joined: 02.10.2008
Last Seen: 10 year(s) ago
Experience: 984.7
Points: 920
#3 on April 24 2009 03:52
which game is that and which site is that...........
Image
Image
Image
kiddies
Member


Avatar
Newbie

Joined: 02.08.2009
Last Seen: 10 year(s) ago
Experience: 45
Points:
#4 on August 02 2009 10:07
that tokeen???


Who is watching forums


Users viewing this page: Guests (1)
Users viewing the forum: 0



© 2009 ZeroIdentity.org | Atlanta SEO

Powered by phpFort © 2008
Page generated in 0.068 seconds. :: MySQL Queries: 12