Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 03-10-2003, 06:10 PM
mr e's Avatar
mr e mr e is offline
 
Join Date: Dec 2001
Posts: 461
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default cookie password stuff

ok how come i cant do this
[sql]
$bbuserinfo = $sql->query("SELECT * FROM user WHERE password=$ _COOKIE[bbpassword]");
[/sql]

but i can do this
[sql]
$bbuserinfo = $sql->query("SELECT * FROM user WHERE userid=$ _COOKIE[bbuserid]");
[/sql]

i've looked at my cookies and everything is there, why can i do one, but not the other? and yes this is on a non-vb page
Reply With Quote
  #2  
Old 03-10-2003, 06:11 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You need to put the passhash in quotes.
Reply With Quote
  #3  
Old 03-10-2003, 06:13 PM
mr e's Avatar
mr e mr e is offline
 
Join Date: Dec 2001
Posts: 461
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

you mean like this?
[sql]
$bbuserinfo = $sql->query("SELECT * FROM user WHERE password=$_COOKIE['bbpassword']");
[/sql]

then i get this error
Can't query: SELECT * FROM user WHERE password=

where normally (without single quotes) i get this error
Can't query: SELECT * FROM user WHERE password= some 25 digit number
Reply With Quote
  #4  
Old 03-10-2003, 06:27 PM
mr e's Avatar
mr e mr e is offline
 
Join Date: Dec 2001
Posts: 461
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i tried it in phpmyadmin and this is the error i got
Unknown column '79ab945544e5bc017a2317b6146ed3aa' in 'where clause'

the query i used was
[sql]
$bbuserinfo = $sql->query("SELECT * FROM `user` WHERE `password`=$_COOKIE[bbpassword]");
[/sql]
Reply With Quote
  #5  
Old 03-10-2003, 06:32 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

PHP Code:
$bbuserinfo $sql->query("SELECT * FROM user WHERE password = \"" $_COOKIE['bbpassword'] . "\""); 
Reply With Quote
  #6  
Old 03-10-2003, 06:35 PM
mr e's Avatar
mr e mr e is offline
 
Join Date: Dec 2001
Posts: 461
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

darn you turtle boy and your always being right thanks though
Reply With Quote
  #7  
Old 03-11-2003, 12:26 PM
Lesane's Avatar
Lesane Lesane is offline
 
Join Date: Oct 2001
Location: The Netherlands
Posts: 1,149
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Mr_e, it's not smart to post your md5 password hash here. Did you know that you can crack md5 hashes?
Reply With Quote
  #8  
Old 03-11-2003, 12:55 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It takes exponentially or logarithmically longer to break an md5 hash the longer the original string was, although I do agree that it wasn't wise.

Also Lesane, please shorten your sig to eight lines (you're only allowed eight lines of small text )
Reply With Quote
  #9  
Old 03-11-2003, 01:12 PM
DrkFusion's Avatar
DrkFusion DrkFusion is offline
 
Join Date: Nov 2001
Posts: 1,926
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Approximatly how long does it take to crack a unique password which is encrypted in md5? With only the hash available?

I know there are programs that have dictionaries and brute it out, so if the password is apple, and since apple is present in the dictionary it will compare and tell you. Im really not sure how long, the method of cracking unique passwords.

Do not get me wrong, I do not want to hack or crack
Reply With Quote
  #10  
Old 03-11-2003, 01:41 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It takes minutes for a couple letters, days for a few more, and many, many years for a couple words.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:26 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04111 seconds
  • Memory Usage 2,240KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete