Cookies???
I recently got interested in seeing the cookies of HBH and I noted them down… Later, I logged off, cleared all my cookies and created each cookie manually (all done using JavaScript)… To my surprise, I got logged on… 1.) Is this usual (please don't flame, I'm new to all this), or is there some fault in the system authentication unit? 2.) If this is so, can't we just try and get the potential parameters (again, I'm new to all this) and attempt to hijack HBH cookies?
*I have been thinking about this for some time (5 hours approx.)… I'm sorry if this is really stupid… as I have said before, I'm new to hacking (and after all, this is a hacking site… I don't expect it to be hacked open so easily).
You may want to read this. I think it will interest you because it answers your questions (in great detail) and goes beyond.
I did study into the topic… I read into it as soon as I faced a challenge featuring cookies (don't remember whether it was in HTS, HBH or Hack Quest) (and that was last year).
However, I expected that the website would delete cookies as soon as the user logged off (it's mentioned in Wikipedia) (I tried that too… it worked… the cookie is valid even after the user logs off).
Instead I find that the IP address is tagged here. Meaning physical access to the comp. or one in its network (if used as a proxy) could enable me to steal cookies and use them for logging on. While I realize that physical access is not that easily acquired… it's still a vulnerability (mostly on public computers… but a keylogger would be more effective there).
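As an added illustration of the behaviour discussed in this thread (not HBH's code; the class and function names are hypothetical and the IP addresses are constructed sample values): a server-side session store in which logout revokes the session record, so a cookie recreated by hand afterwards is rejected, and in which the session is also tied to the client IP as the last post describes.

```python
import hashlib
import secrets
import time


class SessionStore:
    """In-memory session table; a real site would use a database or cache."""

    def __init__(self, ttl_seconds=1800):
        self.ttl = ttl_seconds
        self._sessions = {}  # sha256(token) -> (user, client_ip, expires_at)

    @staticmethod
    def _key(token):
        # Store only a hash so a leaked session table does not yield usable cookies.
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user, client_ip, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # unguessable cookie value
        self._sessions[self._key(token)] = (user, client_ip, now + self.ttl)
        return token

    def validate(self, token, client_ip, now=None):
        """Return the user name for a live session, else None."""
        now = time.time() if now is None else now
        record = self._sessions.get(self._key(token))
        if record is None:
            return None  # unknown or already revoked
        user, bound_ip, expires_at = record
        if now >= expires_at:
            del self._sessions[self._key(token)]
            return None  # expired on the server, whatever the browser still holds
        if bound_ip != client_ip:
            return None  # same cookie presented from a different address
        return user

    def logout(self, token):
        # Revocation happens on the server; deleting the browser cookie is not enough.
        self._sessions.pop(self._key(token), None)


def replay_after_logout():
    store = SessionStore()
    cookie = store.login("alice", "192.0.2.10")           # constructed sample values
    before = store.validate(cookie, "192.0.2.10")         # normal use
    other_ip = store.validate(cookie, "198.51.100.7")     # copied to another address
    store.logout(cookie)
    after = store.validate(cookie, "192.0.2.10")          # cookie recreated by hand
    return before, other_ip, after
```

The IP check does not help when the second machine shares the same address (the same-network or proxy case mentioned in the post); the server-side revocation on logout is what stops the replay.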