¿How to protect against IMVU HOMEPAGE h4c|<s?

Kleixx
by Kleixx · 24 posts
5 years ago in White Hat Activities
Posted 5 years ago · Author
Hi, I wanted to ask the whole community a question, since once they told me they could h4c|< imvu accounts with just the home page, so I do not know if it's true, I the only methods I know of people who steal accounts They are the pishing through social engineering saying that you enter by credit or by contests or to verify your accounts or houses like that, but what of the homepage is not true.
Posted 5 years ago
Maybe they are using social engineering with their homepage, we can use iframe linked to their homepage.
There are another way using bruteforce (https://en.wikipedia.org/wiki/Brute-force_attack) with a list of password and a software.

I'm not a professional, I only have the basics, but i'm sur at 95% that they can't h4c|< with their homepage (without social engineering).
Posted 5 years ago
Yes ... there are other ways to h4c|< into an account via the HP.

The h4c|<7r could write up javascript to do one of the following:
* hijack your browser
* force you to download malware
* steal stored passwords

None of the above would require you to click on anything on the HP, nor would you have to enter in any of your account info. Simply visiting the HP would be enough to compromise your account.

This is why you should always run a script blocker to block unknown scripts.
Posted 5 years ago
thank you
Posted 5 years ago · Author
Thank you very much for the answers, since I had too many doubts in my head
Posted 5 years ago
Don Von Alpha Dom wrote:
(snip) This is why you should always run a script blocker to block unknown scripts.


Forgive the question, but is there any recommendation for the illiterate of us in that aspect? Like, do the script blockers google will give for our browsers do the work?

EDIT:
NEEEVERMIND, just found this topic, will go with it :)
viewtopic.php?f=2&t=11040
Posted 5 years ago
Yeah, it is true, when people click on the homepage of the user it redirects them to a page that makes you login again that looks exactly like Imvu.
Posted 5 years ago
thats scary :O
Posted 5 years ago
TheKing123 wrote:
Yeah, it is true, when people click on the homepage of the user it redirects them to a page that makes you login again that looks exactly like Imvu.

@TheKing123



this is another possible way but will require the user to enter their login credentials. <- this method specifically is called phishing

what Don Von is talking about is different. u wont even need the user to enter any credentials scripts can be made to do all the stealing once a homepage is visited. (don v is very wise, listen and use a script blocker / adblocker).
Posted 5 years ago
@Thirteen100

Yeah, Ik about that too, they do it all the time they give u a link and if u click it, they h4c|< u, they can do it with the homepage too.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Sign in

Already have an account? Sign in here

SIGN IN NOW

Create an account

Sign up for a new account in our community. It's easy!

REGISTER A NEW ACCOUNT