Username: 
Password: 
Restrict session to IP 

How to find PHPSESSID  Go to the Blinded by the light challenge

Global Rank: 3368
Totalscore: 6118
Posts: 6
Thanks: 2
UpVotes: 2
Registered: 11y 312d

Last Seen: 98d 13h
The User is Offline
How to find PHPSESSID
Google/translate0Thank You!0Good Post!0Bad Post! link
This is a blind sql injection, so I tried to write a python code, but I also need to know PHPSESSID to solve a challenge with my account. Without that, I can solve this challenge, but not with my account. I tried to find a cookie, but in this site I don't have any cookie like other sites. document.cookie show only ''. How to find a cookie?
Global Rank: 20
Totalscore: 391095
Posts: 6
Thanks: 5
UpVotes: 5
Registered: 11y 136d







The User is Offline
RE: How to find PHPSESSID
Google/translate1Thank You!1Good Post!0Bad Post! link
Because the cookie is marked "HTTPOnly" you probably cannot get it using Javascript.

Most browsers let you view the cookies for a particular site (check the preferences).

Depending on your browser, it might be easier to just install an extension that lets you view cookies for the site you're currently browsing.

In Firefox and Chrome you also have a "developer's console" (called Firebug in Firefox, not sure of the Chrome name), that lets you see a lot of information, including cookies being sent to the site.
Global Rank: 3368
Totalscore: 6118
Posts: 6
Thanks: 2
UpVotes: 2
Registered: 11y 312d

Last Seen: 98d 13h
The User is Offline
Another problem occurred
Google/translate0Thank You!0Good Post!0Bad Post! link
Thank you. In chrome, 'EditThisCookie' showed httpOnly cookie. But, in www.wechall.net, cookie named 'WC' is set before log-in, and after log-in, the value of cookie is not changed. More strange thing is that log-in that is tried after deleting cookie are not allowed. There is one cookie that is named 'WC' and there are no other cookies but 'WC'. What should I do to get a cookie that is really related to my log-in?
Global Rank: 20
Totalscore: 391095
Posts: 6
Thanks: 5
UpVotes: 5
Registered: 11y 136d







The User is Offline
RE: How to find PHPSESSID
Google/translate1Thank You!1Good Post!0Bad Post! link
Hello,

That's normal Smile Cookie "WC" identifies your session with the site; when you login, the server registers that, and even though your session id stays the same, the server now knows that you're logged in (data related to each session is stored on the server).

You can use your "WC" cookie to solve the challenges. You can think of "WC" as a variation of "PHPSESSID", it just has a different name and format. Smile
Global Rank: 3368
Totalscore: 6118
Posts: 6
Thanks: 2
UpVotes: 2
Registered: 11y 312d

Last Seen: 98d 13h
The User is Offline
Thank you
Google/translate1Thank You!1Good Post!0Bad Post! link
I was confused a little bit, now I got to know a way to do it. Thank you!
Redknee, tunelko, silenttrack, n0tHappy, nonfungiblesecurity, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri, csuquvq have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 9184 times.