Posted to rec.crafts.metalworking
Roger Shoaf
New Harbor Freight website has MAJOR security hole!!!


"Ignoramus9191" wrote in message news
> On 2010-04-30, Roger Shoaf wrote:
>
>> "Ignoramus9191" wrote in message
>> ...
>>
>>> Got an Email reply from them. Seems that they tested the site and
>>> found the same thing I did. The message said they were putting the
>>> site on maintenance mode to test it more. Haven't tried it again but
>>> last night I could pull up random names just about every time.
>>>
>>> I think that what happens is that they give everyone the same cookie
>>> (one cookie value given to everyone).
>>>
>>> i
>>
>> I wonder then if that was the case, if one could then deliberately
>> fool the system by generating your own cookies and thus harvesting
>> personal information deliberately?
>
> On decent websites, cookies are hard to guess. My site algebra.com
> gives cookies like this:
>
> Set-Cookie: algebra_session=99c16b978354929m73a48ag2e1d7a850; path=/; expires=Mon, 05-Jul-2010 21:21:30 GMT
>
> (cookie slightly altered but looks same as the original). It is not
> easy to guess someone else's cookie.


Do the cookies progress randomly or could one deduce the progression or
regression from a limited sample? It would seem to me that if the cookie
generation was not given a lot of thought, then on commercial sites, one
might have the ability to sneak in and poke around.

--

Roger Shoaf

About the time I had mastered getting the toothpaste back in the tube, then
they come up with this striped stuff.
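The thread raises two distinct session-cookie failures: one cookie value handed to every visitor (the Harbor Freight symptom), and ids that follow a progression an observer could extrapolate from a few samples (Roger's question). The following is an added example, not code from the thread or from algebra.com. The `CounterSessionIds` class is a constructed stand-in for a weak scheme; `issue_random_session_id` shows the CSPRNG-based approach a site should use; and `audit_session_ids` is a simple self-check a site operator can run over a sample of ids their own server issued. All names are assumptions of this example.

```python
import secrets


class CounterSessionIds:
    """Constructed weak scheme: a zero-padded counter dressed up as a 32-hex
    session id. Two consecutive ids reveal the step, so the rest can be
    extrapolated. This models the 'progression' the post asks about."""

    def __init__(self, start: int = 1000) -> None:
        self._next = start

    def issue(self) -> str:
        sid = f"{self._next:032x}"
        self._next += 1
        return sid


def issue_random_session_id() -> str:
    """Strong scheme: 128 bits from the OS CSPRNG as 32 hex characters.
    secrets.token_hex exists for exactly this; do not roll your own."""
    return secrets.token_hex(16)


def set_cookie_header(name: str, value: str) -> str:
    """Build the Set-Cookie line. The original post's example carries only
    path and expires; Secure, HttpOnly and SameSite are standard hardening
    added here so the id is not sent in clear or readable from script."""
    return f"Set-Cookie: {name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


def audit_session_ids(sample: list[str], step_tolerance: int = 1000) -> dict:
    """Self-check over ids your own server issued, in issue order.

    shared:     fewer distinct values than sessions, i.e. one cookie value
                is being given to several visitors.
    sequential: every gap between consecutive ids is small, so the ids
                follow a progression that a handful of samples exposes.
                Random 128-bit ids give enormous, wildly varying gaps.
    """
    values = [int(s, 16) for s in sample]
    diffs = [abs(b - a) for a, b in zip(values, values[1:])]
    return {
        "shared": len(set(sample)) < len(sample),
        "sequential": bool(diffs) and max(diffs) <= step_tolerance,
    }


if __name__ == "__main__":
    weak = CounterSessionIds()
    print("counter ids:", audit_session_ids([weak.issue() for _ in range(10)]))
    print("random ids: ", audit_session_ids([issue_random_session_id() for _ in range(10)]))
    print("same cookie:", audit_session_ids(["deadbeef"] * 5))
    print(set_cookie_header("algebra_session", issue_random_session_id()))
```

The audit is deliberately crude: it only catches the two failures the thread names. A real review of a session scheme also checks where the server gets its randomness and that the id is regenerated on login.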