Forged Cookies: Watching Online Movies for Free - Vulnerability Warning - The Black Bar Safety Net

ID MYHACK58:6220069273
Type myhack58
Reporter Anonymous
Modified 2006-05-24T00:00:00


Today there are many movie sites on the network, but most of them charge a fee, and there is rarely a free "lunch" waiting for everyone to enjoy. On many movie sites, an ordinary registered member who does not renew ends up with a remaining balance of $0 and simply cannot watch movies; an ordinary user who has just run out of coins is refused and kept "outside". Users who registered with a mobile phone are treated differently: the site regards them as advanced users, so they can still watch movies even when their remaining balance is $0. This article takes advantage of that vulnerability: we register as an ordinary user, then forge the Cookies information so that it appears to belong to an advanced user registered by mobile phone, and watch the site's paid movies for free.

1. Capture the user data packets

In the browser, open the movie website whose movies you want to watch for free, for example "a new interactive entertainment movie". Under the "member login" tab in the upper left corner, click the "Register" button; the "register account" form pops up (Figure 1). Fill in your own registration details in the text boxes and click the "Submit" button below, and a "member registration successful" message pops up immediately. To capture the user data packets at this point, open the Wsockexpert capture tool (download address: ) before logging in. Inside it, expand the plus sign next to the browser, choose the name of the movie site (Figure 2), and click the "Open" button; the tool will then capture data for that site.

Figure 1

Figure 2

Tip: The Wsockexpert capture tool can not only monitor the transmissions of a specified network program, it can also save the transmitted data packets locally, which is very useful when testing a site's network traffic. From a hacker's point of view, it can be used to modify the data a web site receives and can assist with many script-intrusion tasks against web pages; it is a rare detection tool that serves "both attack and defense".

Then click the "minimize" button in the upper right corner and go back the way you came to the movie page. Enter the account name and password you just registered in the username and password boxes and click the "Login" button behind them. The free member account the author registered enters the movie area without trouble, and the capture tool opened earlier displays the data sent when the account logged in to the site (Figure 3). Although this data looks somewhat complicated, we only need to look at the section that begins with the second color and find the entry whose packet uses the GET method.

Figure 3

2. Modify the Cookie information and connect with the WebTools tool

What we are looking for here is the entry with ID 465. Select that entry and the detailed captured data appears in the text area below; copy the Cookie information from it into Notepad so that the author can do some "hands-on" work with it. In the Cookies pasted into Notepad, find the Siteuser (registered user) string and replace it with the Phoneuser (phone user) string, and fill in the steering value after the equals sign as 100000. With that, the forged Cookie information is completely modified.

Tip: If you are a user on a network communication line, the network may be too slow and the captured Cookie information may be missing the steering value 100000 at the end. In that case, capture several more times until the value is intercepted, then either fill in the steering value on the Cookie information that was captured without it, or simply record the last complete Cookies you captured.

Next, you need another tool for submitting the information, the WebTools Detection Tool (download address: ). Download it locally, then double-click the extracted "Mavericks" icon and the software's interface pops up. To watch movies for free, paste the Cookie information you just modified into the "authentication" box at the bottom (Figure 4). Then enter the address of the movie web site whose information was falsified in the "Address" tab at the top, and finally click the "GET" button to connect to the new interactive entertainment movie site. The viewer's identity has now changed from the previous ordinary user to a successfully forged advanced user, so the selected movies can be watched for free.

Figure 4
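A server-side view of the flaw described above, as an added example that is not part of the original article or the site's own code: the first check trusts the Phoneuser name sent in the cookie, while the second verifies an HMAC tag and reads the tier and balance from server-side records. The cookie layout, account names and key are constructed for illustration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SERVER_KEY = b"constructed-demo-key"  # assumption: a secret held only by the server

# Constructed account store: tier and balance live on the server, not in the cookie.
ACCOUNTS = {
    "alice": {"tier": "Siteuser", "balance": 0},
    "bob": {"tier": "Phoneuser", "balance": 0},
}

# Constructed cookie headers modelled on the names and value the article mentions.
ORIGINAL = "Siteuser=100000"
EDITED = "Phoneuser=100000"

def may_watch_trusting(cookie_header):
    """Flawed check: the membership tier is whatever cookie name the client sends."""
    return "Phoneuser" in SimpleCookie(cookie_header)

def _tag(username):
    return hmac.new(SERVER_KEY, username.encode(), hashlib.sha256).hexdigest()

def issue_cookie(username):
    """Login response: the cookie carries only the username and an HMAC tag."""
    return f"session={username}.{_tag(username)}"

def may_watch_verified(cookie_header):
    """Hardened check: verify the tag, then decide from server-side records."""
    morsel = SimpleCookie(cookie_header).get("session")
    if morsel is None:
        return False  # client-chosen names such as Phoneuser carry no authority
    username, _, tag = morsel.value.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _tag(username).encode()):
        return False  # cookie was edited after the server issued it
    account = ACCOUNTS.get(username)
    return bool(account) and (account["tier"] == "Phoneuser" or account["balance"] > 0)

if __name__ == "__main__":
    print("trusting check, edited cookie:", may_watch_trusting(EDITED))
    print("verified check, edited cookie:", may_watch_verified(EDITED))
    print("verified check, genuine phone user:", may_watch_verified(issue_cookie("bob")))
```
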