.png)
Zero Identity Forums - General - Web Security - Tamper Data
Are you bored? Check out the unaswered threads!
| #1 Tamper Data on 01/01/1970 00:00 | |
|
There is a flash game that submits POST_DATA to a web server, which then uses PHP to save it in a MySQL table.
Problem is, sometimes I can change the value successfully with TD but sometimes not. I think, it may be due to the session ID or whatever...e.g. Code Highlighting :: Select Code I usually edit the number immediately after the score, but a lot of times, it doesn't work. The result ends up being -1, which causes a system error but doesn't get me ranked up... I'm curious, because the session and result ID are always the same, but could it be in some way tied to the score? |
|
|
Grindordie
 Administrator Software Engineer  ZI Guru Joined: 11/04/2007 Last Seen: 0000-00-00 Experience: 1207.57 Points: 1100 |
|
| #2 on 01/01/1970 00:00 | |
|
It may use a Token that is only valid once...
Once you resubmit the score using the same token, it updates the score to -1. (Simple prevention to replay attacks) So, try acting as a man-in-the-middle; modify the data before it's sent originally, or find the token and form your own request. |
|
|
vs4vijay
 Member Hacked!!!....  ZI Guru Joined: 10/02/2008 Last Seen: 2011-03-28 Experience: 1129.58 Points: 930 |
|
| #3 on 01/01/1970 00:00 | |
|
which game is that and which site is that...........
   |
|
| #4 on 01/01/1970 00:00 | |
|
that tokeen???
|
|
Who is watching forums
| Users viewing this page: | Guests (1) |
| Users viewing the forum: | 0 |