How are they doing this!!!

Post by mattyb311 on Thu Dec 06, 2012 11:47 pm

I am in a football pool where you pick against a spread every week. My friend is a big nerd and cheats so bad. Somehow he changed his picks AFTER they were locked and unchangeable. I mean I know how to change things with Firebug but obviously that does not save. How is he able to edit and save the page source? :cry:


Re: How are they doing this!!!

Post by WallShadow on Fri Dec 07, 2012 12:53 am

First off, welcome to HTS!

Second, please give more information about the game, like: what language is it programmed in? Do you play it in your browser or just a window? Any more information you can give only serves to help us.

There are loads of ways to hack a game; we need to know how the game works to see which hacks are applicable to it.

- WallShadow <3


Re: How are they doing this!!!

Post by anarchy420x on Fri Dec 07, 2012 3:32 am

Do you have a link that we can check out?
A broken clock is right twice a day, however, I am neither up that early nor up that late...


Re: How are they doing this!!!

Post by mattyb311 on Fri Dec 07, 2012 8:18 am

Image

Image

So as you can see, the pick is locked from last night's game. The other shows current week standings. At game time the pick is locked in. He was able to get in there during the game and change Oakland to Denver. Like I said, I know how to do it with Firebug, but obviously it doesn't stay for the public to see. I would give you the site to look at, but it's a special pool where you are given a password in order to view the page.


Re: How are they doing this!!!

Post by weekend hacker on Fri Dec 07, 2012 12:20 pm

I'm guessing those buttons are what you click to set your pick with blue buttons being what you picked already?
Look at the form those buttons are in. The script probably disables buttons during a game so you cannot "click it"; however, it probably fails to check at the backend if it's allowed to make a setting during game time. (OR, if that's not how he does it, there may be an sqli vuln in there somewhere, probably not checking if the ids of the pick are ints.)
Look at the form those buttons are in; there will be data to identify which button is which, like a name or an id, or hidden data, or submit value or something like that (all depending on if it's a separate form per pick or one huge form with the value being in the button itself). Then check the disabled button and find what changed to disable it. There are 2 options here: either it just set them to disabled, or totally removed the values identifying them, which effectively disables them. In the first case, enable them again with Firebug and then click. In the second case, write down the values before game time, fill them in during game time and click to change your pick. Possible alternative: open the page before game time, keep it open, and click during game time. It'll all depend on how it's made. But if your friend is able to change his picks, this is probably how he does it. (Or, since there's also a save button, I guess the buttons are a type of checkbox/radio button, in which case the same as above applies but with checkbox/radio button values or ids and not button values.)
<Yoda> if someone says something i don't like, i ban him, ban whoever defends him, and then ban the witnesses...
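The weakness described in the post above is closed on the server, not in the page. The following is an added example (not from the thread or from the pool site) of a pick handler that enforces the lock with the server clock and accepts only integer ids bound as query parameters. The table layout, the `game_id` and `team` field names, and the kickoff time are assumptions made for illustration.

```python
import sqlite3
from datetime import datetime, timezone

def make_db():
    # Constructed sample data: one game that kicks off at 2012-12-07 01:20 UTC.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE games (id INTEGER PRIMARY KEY, home TEXT, away TEXT, kickoff TEXT);
        CREATE TABLE picks (user_id INTEGER, game_id INTEGER, team TEXT,
                            PRIMARY KEY (user_id, game_id));
        INSERT INTO games VALUES (1, 'Oakland', 'Denver', '2012-12-07T01:20:00+00:00');
    """)
    return db

def save_pick(db, user_id, form, now=None):
    """Handle a submitted pick. `form` is the raw, untrusted POST data (strings)."""
    now = now or datetime.now(timezone.utc)  # server clock, never a client value
    try:
        game_id = int(form.get("game_id", ""))  # reject non-integer ids outright
    except (TypeError, ValueError):
        return (400, "bad game id")
    # Parameterized query: the id is bound, not concatenated into the SQL text.
    row = db.execute("SELECT home, away, kickoff FROM games WHERE id = ?",
                     (game_id,)).fetchone()
    if row is None:
        return (404, "no such game")
    home, away, kickoff = row
    if form.get("team") not in (home, away):
        return (400, "team is not playing in this game")
    # The lock is enforced here, whatever state the page's buttons were in.
    if now >= datetime.fromisoformat(kickoff):
        return (403, "picks are locked for this game")
    db.execute("INSERT OR REPLACE INTO picks VALUES (?, ?, ?)",
               (user_id, game_id, form["team"]))
    return (200, "saved")

def current_pick(db, user_id, game_id):
    # Read back the stored pick so the effect of a request can be checked.
    row = db.execute("SELECT team FROM picks WHERE user_id = ? AND game_id = ?",
                     (user_id, game_id)).fetchone()
    return row[0] if row else None
```

With this in place, a request sent after kickoff is refused and the stored pick is unchanged, so a re-enabled button or a page left open from before game time has no effect.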


Re: How are they doing this!!!

Post by mattyb311 on Fri Dec 07, 2012 2:01 pm

I wish I knew more about computers and could figure out how to test what you just told me lol.


Re: How are they doing this!!!

Post by fashizzlepop on Fri Dec 07, 2012 3:25 pm

Read up on HTML. Specifically forms and some of the keywords weekend mentioned like "radio buttons" and "id" and "value". These are all parts of building a form in HTML.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.


