
My mistake. So you can get a valid login, but you can't know whom you'll be logging in as, that is, without doing some social engineering like with the IRC example. Impressive hack.


I think if you get a valid login cookie, and use it, it will tell you what account you have in the top right.


Well obviously, but you couldn't do a brute force attack like this to a specific account.


I believe the implication is that you'd have a sessionid. Effectively, the username and password rolled into one unique number, stored in the cookie.


I think by 'specific account' he means 'chosen account', in which case he'd be correct without more targeted social engineering.



