is this a a hack on gaia

17 Aug. 2011 02:31am

http://gaiaonline.com/chat/gsi/index.php?m=109

**-0- D i o r -0-** · 17 Aug. 2011 03:37am

Originally Posted by swagg8

http://gaiaonline.com/chat/gsi/index.php?m=109

I'm not clicking that link.

**Disorder** · 17 Aug. 2011 04:57am

It's just a gsi request to see if the current account logged on is authenticated or not.

Try it when not signed it, it will say "109-3User not authenticated"

When signed in, it will spit out a bunch of text.

**Chad** · 17 Aug. 2011 05:08am

That "text" is your gaia55_ssid. Other words, it's your gaiaonline login session id. I'm assuming it's created by something along the lines off md5(md5(password) + timestamp) making ~~nearly~~ impossible to get if they are going down to the milliseconds. If you were to get other peoples SSID's you can session hijack their account. As far as I know you can't trade anything unless you know their password. All you can really do is spam on their account and possibly get them banned. A good way to mess with them would be to put all of their items in the donation thing for dumpster dive and such. However, session hijacking people's accounts is good for advertising I must add.

17 Aug. 2011 05:42am

all i need is cookiemanager

**-0- D i o r -0-** · 17 Aug. 2011 04:38pm

Originally Posted by Chad

That "text" is your gaia55_ssid. Other words, it's your gaiaonline login session id. I'm assuming it's created by something along the lines off md5(md5(password) + timestamp) making ~~nearly~~ impossible to get if they are going down to the milliseconds. If you were to get other peoples SSID's you can session hijack their account. As far as I know you can't trade anything unless you know their password. All you can really do is spam on their account and possibly get them banned. A good way to mess with them would be to put all of their items in the donation thing for dumpster dive and such. However, session hijacking people's accounts is good for advertising I must add.

A bot is in order?? haha maybe one to throw their stuff in their and then just use dumpster dive bots to attempt to score something good...

17 Aug. 2011 04:58pm

ok where can i download dumpster dive bot

**Chad** · 17 Aug. 2011 11:25pm

Originally Posted by -0- D i o r -0-

A bot is in order?? haha maybe one to throw their stuff in their and then just use dumpster dive bots to attempt to score something good...

You'll first have to find a way to grab their cookie. Sure a cookie grabber will work but you'll need a javascript exploit on gaiaonline first to execute the cookie grabber. All the javascript exploits I know of were patched.

**Lostintehdark** · 17 Aug. 2011 11:49pm

Still very possible to exploit this, you just got to look harder Chad.

18 Aug. 2011 01:00am

so how do i get a javascript

**-0- D i o r -0-** · 18 Aug. 2011 05:21am

Originally Posted by swagg8

so how do i get a javascript

-____________________________-

Google helps.

18 Aug. 2011 05:33am

ok ty dude

**Chad** · 18 Aug. 2011 06:38am

Originally Posted by Lostintehdark

Still very possible to exploit this, you just got to look harder Chad.

Well derp. I know how to, but there is no other way to grab someones cookie without cooking grabbing them from a Javascript exploit in gaiaonline. You can use other GSI's to get more information using the SSID. I can make programs that grabs peoples SSID's after they login but there is no point in doing that.

18 Aug. 2011 01:11pm

ok i dont know how to really use it

Thread: is this a a hack on gaia

LinkBack

Thread Tools

Search Thread

Rate This Thread

Display

is this a a hack on gaia

Tags for this Thread

Posting Permissions