Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions
Reload this Page cookie password stuff
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 03-10-2003, 06:10 PM
mr e's Avatar
mr e mr e is offline
 
Join Date: Dec 2001
Posts: 461
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default cookie password stuff
ok how come i cant do this
[sql]
$bbuserinfo = $sql->query("SELECT * FROM user WHERE password=$ _COOKIE[bbpassword]");
[/sql]

but i can do this
[sql]
$bbuserinfo = $sql->query("SELECT * FROM user WHERE userid=$ _COOKIE[bbuserid]");
[/sql]

i've looked at my cookies and everything is there, why can i do one, but not the other? and yes this is on a non-vb page
Reply With Quote
  #2  
Old 03-10-2003, 06:11 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
You need to put the passhash in quotes.
Reply With Quote
  #3  
Old 03-10-2003, 06:13 PM
mr e's Avatar
mr e mr e is offline
 
Join Date: Dec 2001
Posts: 461
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
you mean like this?
[sql]
$bbuserinfo = $sql->query("SELECT * FROM user WHERE password=$_COOKIE['bbpassword']");
[/sql]

then i get this error
Can't query: SELECT * FROM user WHERE password=

where normally (without single quotes) i get this error
Can't query: SELECT * FROM user WHERE password= some 25 digit number
Reply With Quote
  #4  
Old 03-10-2003, 06:27 PM
mr e's Avatar
mr e mr e is offline
 
Join Date: Dec 2001
Posts: 461
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
i tried it in phpmyadmin and this is the error i got
Unknown column '79ab945544e5bc017a2317b6146ed3aa' in 'where clause'

the query i used was
[sql]
$bbuserinfo = $sql->query("SELECT * FROM `user` WHERE `password`=$_COOKIE[bbpassword]");
[/sql]
Reply With Quote
  #5  
Old 03-10-2003, 06:32 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
PHP Code:
$bbuserinfo $sql->query("SELECT * FROM user WHERE password = \"" $_COOKIE['bbpassword'] . "\""); 
Reply With Quote
  #6  
Old 03-10-2003, 06:35 PM
mr e's Avatar
mr e mr e is offline
 
Join Date: Dec 2001
Posts: 461
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
darn you turtle boy and your always being right thanks though
Reply With Quote
  #7  
Old 03-11-2003, 12:26 PM
Lesane's Avatar
Lesane Lesane is offline
 
Join Date: Oct 2001
Location: The Netherlands
Posts: 1,149
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Mr_e, it's not smart to post your md5 password hash here. Did you know that you can crack md5 hashes?
Reply With Quote
  #8  
Old 03-11-2003, 12:55 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It takes exponentially or logarithmically longer to break an md5 hash the longer the original string was, although I do agree that it wasn't wise.

Also Lesane, please shorten your sig to eight lines (you're only allowed eight lines of small text )
Reply With Quote
  #9  
Old 03-11-2003, 01:12 PM
DrkFusion's Avatar
DrkFusion DrkFusion is offline
 
Join Date: Nov 2001
Posts: 1,926
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Approximatly how long does it take to crack a unique password which is encrypted in md5? With only the hash available?

I know there are programs that have dictionaries and brute it out, so if the password is apple, and since apple is present in the dictionary it will compare and tell you. Im really not sure how long, the method of cracking unique passwords.

Do not get me wrong, I do not want to hack or crack
Reply With Quote
  #10  
Old 03-11-2003, 01:41 PM
filburt1 filburt1 is offline
 
Join Date: Feb 2002
Location: Maryland, US
Posts: 6,144
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
It takes minutes for a couple letters, days for a few more, and many, many years for a couple words.
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 07:19 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05352 seconds
  • Memory Usage 2,255KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete