http://www.jellyneo.net/
Neomail Cookie Grabbers
#1
Posted 04 November 2010 - 03:52 AM
http://www.jellyneo.net/
#2
Posted 04 November 2010 - 04:19 AM
#3
Posted 04 November 2010 - 04:19 AM
#4
Posted 04 November 2010 - 04:40 AM
Is Neopets ever going to fix this cookie grabber epidemic
people say that its quite impossible, because cookie function enables you to login; disabling the use of cookie function will make you log out every refresh... (not sure if its true)
I just wonder how ppl can enter a set of script into the mail and is able to pass the filter...
#5
Posted 04 November 2010 - 05:09 AM
I stopped frequenting the Neoboards so I probably wouldn't have known otherwise.
*goes to change neomails to neofriend-only*
#6
Posted 04 November 2010 - 05:15 AM
Is Neopets ever going to fix this cookie grabber epidemic
If they spent their time fixing coding errors how would they ever have time to make new NC?!?!?!
#7
Posted 04 November 2010 - 05:46 AM
It is possible. It just requires them to do some better coding and prevent people from being able to use the type of code they can in order to CG (which means a bit of revamping is in order ooh-rah.
Supposedly this script is more than a simple CG script, and 'can retrieve your password' if you use your browser 'form saver' function and have your username/password stored.
Well...isn't that just great. I have to say the guys who make the script are clearly better coders than the guys neopets hire
#8
Posted 04 November 2010 - 05:54 AM
are there any steps to know if someone is spamming
#9
Posted 04 November 2010 - 06:02 AM
is it even possible?
#10
Posted 04 November 2010 - 06:22 AM
No.
When a page is loaded on the internets, scripts are executed to perform functions... in most cases they are good (example this pages scripts allow you to have the dropdown bars for you UserCP etc)...
Most websites allow users to input information. Such as the neomail system (or codex post box). The problem is that due to the neohtml abilities, neopets has the flow in which users can take advantage of certain flaws in order to execute malicious scripts/codes. It's an oversite that Neopets seems to greatly ignore until it's too late.
Isn't it possible to put a link into a neomail and hide it with script though? I thought that's how it was actually happening to people.
#11
Posted 04 November 2010 - 12:32 PM
#12
Posted 04 November 2010 - 01:10 PM
#13
Posted 04 November 2010 - 01:54 PM
Well...isn't that just great. I have to say the guys who make the script are clearly better coders than the guys neopets hire
Usually just one person makes the script, and thousands of people known as "script kiddies" take the script and use it.
Isn't it possible to put a link into a neomail and hide it with script though? I thought that's how it was actually happening to people.
What would the good of hiding a link be?
They just make a script so whenever you visit a Neomail, it automatically emails your cookie to them, so they just load up the cookie in the browser and have fun. Logging out and back in is greater then this method, because only one cookie is valid at a time.
#14
Posted 04 November 2010 - 04:52 PM
would adblock (that blocks javascript) or noscript stop this at all?
#15
Posted 04 November 2010 - 05:28 PM
i'm not sure i understand how this works. so they write a script into the neomail and it executes when you open the mail? is it just a blank mail then? or do they write some nonsense?
would adblock (that blocks javascript) or noscript stop this at all?
It can be either one. Usually some none sense to get you to open it.
And Noscript would stop it. Adblock would need to block the specific script.
#16
Posted 04 November 2010 - 10:16 PM
Thanks for the warning.
*goes to change neomail settings*
#17
Posted 04 November 2010 - 11:07 PM
#18
Posted 04 November 2010 - 11:14 PM
I gotta change my settings.
#19
Posted 04 November 2010 - 11:18 PM
#20
Posted 05 November 2010 - 01:09 AM
#21
Posted 05 November 2010 - 05:29 AM
#22
Posted 05 November 2010 - 07:51 AM
#23
Posted 05 November 2010 - 07:57 AM
Plain text will fix it?
Yes, setting your neomails to plain text will prevent the scripts from going off in your neomail. Unless you meant something else?
#24
Posted 05 November 2010 - 08:46 AM
and i will go do that now.
thanks!
#25
Posted 06 November 2010 - 04:07 AM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users