is this a a hack on gaia

Printable View

17 Aug. 2011, 02:31am
swagg8

is this a a hack on gaia

http://gaiaonline.com/chat/gsi/index.php?m=109
17 Aug. 2011, 03:37am
-0- D i o r -0-

Quote:

Originally Posted by swagg8

http://gaiaonline.com/chat/gsi/index.php?m=109

I'm not clicking that link.
17 Aug. 2011, 04:57am
Disorder

It's just a gsi request to see if the current account logged on is authenticated or not.

Try it when not signed it, it will say "109-3User not authenticated"

When signed in, it will spit out a bunch of text.
17 Aug. 2011, 05:08am
Chad

That "text" is your gaia55_ssid. Other words, it's your gaiaonline login session id. I'm assuming it's created by something along the lines off md5(md5(password) + timestamp) making ~~nearly~~ impossible to get if they are going down to the milliseconds. If you were to get other peoples SSID's you can session hijack their account. As far as I know you can't trade anything unless you know their password. All you can really do is spam on their account and possibly get them banned. A good way to mess with them would be to put all of their items in the donation thing for dumpster dive and such. However, session hijacking people's accounts is good for advertising I must add.
17 Aug. 2011, 05:42am
swagg8

all i need is cookiemanager
17 Aug. 2011, 04:38pm
-0- D i o r -0-

Quote:

Originally Posted by Chad

That "text" is your gaia55_ssid. Other words, it's your gaiaonline login session id. I'm assuming it's created by something along the lines off md5(md5(password) + timestamp) making ~~nearly~~ impossible to get if they are going down to the milliseconds. If you were to get other peoples SSID's you can session hijack their account. As far as I know you can't trade anything unless you know their password. All you can really do is spam on their account and possibly get them banned. A good way to mess with them would be to put all of their items in the donation thing for dumpster dive and such. However, session hijacking people's accounts is good for advertising I must add.

A bot is in order?? haha maybe one to throw their stuff in their and then just use dumpster dive bots to attempt to score something good...
17 Aug. 2011, 04:58pm
swagg8

ok where can i download dumpster dive bot
17 Aug. 2011, 11:25pm
Chad

Quote:

Originally Posted by -0- D i o r -0-

A bot is in order?? haha maybe one to throw their stuff in their and then just use dumpster dive bots to attempt to score something good...

You'll first have to find a way to grab their cookie. Sure a cookie grabber will work but you'll need a javascript exploit on gaiaonline first to execute the cookie grabber. All the javascript exploits I know of were patched.
17 Aug. 2011, 11:49pm
Lostintehdark

Still very possible to exploit this, you just got to look harder Chad.
18 Aug. 2011, 01:00am
swagg8

so how do i get a javascript
18 Aug. 2011, 05:21am
-0- D i o r -0-

Quote:

Originally Posted by swagg8

so how do i get a javascript

-____________________________-

Google helps.
18 Aug. 2011, 05:33am
swagg8

ok ty dude
18 Aug. 2011, 06:38am
Chad

Quote:

Originally Posted by Lostintehdark

Still very possible to exploit this, you just got to look harder Chad.

Well derp. I know how to, but there is no other way to grab someones cookie without cooking grabbing them from a Javascript exploit in gaiaonline. You can use other GSI's to get more information using the SSID. I can make programs that grabs peoples SSID's after they login but there is no point in doing that.
18 Aug. 2011, 01:11pm
swagg8

ok i dont know how to really use it