Thread: Administrative and Maintenance Tools - Cookie Stuffing Detector [Inside- What is Cookie Stuffing and Why you Should Care]
View Single Post
  #4  
Old 09-04-2008, 03:30 AM
sockwater's Avatar
sockwater sockwater is offline
 
Join Date: Apr 2008
Posts: 187
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Right, except that's not really what we're talking about since there is no monetary gain in that.

Code:
The cookie stuffing we are talking about is for example: Say 
I have a Commission Junction account and am an affiliate 
for eBay.  For me to get paid, I have to send people to 
http://www.ebay.com?affiliateid=12345
When someone visits that URL, an ebay.com cookie is set on 
their machine.  Then if they sign up/ make a purchase etc 
within 60 days then I get a commission.  You can't set an 
ebay.com cookie from floris.vbulletin.com  You could have 
floris.vbulletin.com/stuff/vborgtest.jpg be a php script that 
redirects with a 301 redirect to ebay.com?affiliateid=12345
but then my Javascript would still catch that, since it's not 
a valid image. Cookie stuffing works because even though the 
image isn't valid and isn't displayed, the headers that are 
received get acted upon by the browser, setting a cookie.  
The only two ways of stuffing affiliate cookies is via an 
iframe or via an image that references the target affiliate 
site. These of course can be obfuscated using javascript 
tricks.  The only vulnerability for vBulletin is the [IMG] 
code, assuming that you don't have html turned on.
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01233 seconds
  • Memory Usage 1,764KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete