Re: Can you exploit this XSS?
From: Sverre H. Huseby (shh_at_thathost.com)
Date: 11/21/03
- Previous message: thanos F_at_rm@k1s: "RE: openbsd 3.4 ps bug"
- In reply to: Dawes, Rogan (ZA - Johannesburg): "RE: Can you exploit this XSS?"
- Next in thread: mark: "Re: Can you exploit this XSS?"
Date: Fri, 21 Nov 2003 21:04:25 +0100
To: "Dawes, Rogan (ZA - Johannesburg)" <rdawes@deloitte.co.za>
[Dawes, Rogan]
| I get your cookie, you log in on the next step, and the cookie
| does not change (for *MANY* applications). Now I have your cookie,
| and it is for an authenticated session.
v
For much more on this, see Mitja Kolsek's nice paper called "Session
Fixation Vulnerability in Web-based Applications" at
http://www.acros.si/papers/session_fixation.pdf
Sverre.
-- shh@thathost.com http://shh.thathost.com/
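
Added example, not part of the original message or of the cited paper: a regression check for the condition described above, where the session id issued before login is still the authenticated one afterwards. The in-memory SessionStore, its method names and the user "alice" are assumptions constructed for illustration, and credential checking is assumed to have already succeeded.

```python
import secrets


class SessionStore:
    """In-memory session table: session id -> data (constructed for this example)."""

    def __init__(self):
        self.sessions = {}

    def new_session(self):
        # Anonymous session, as handed out on the first page view.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        data = self.sessions.get(sid)
        return data["user"] if data else None

    def login_keep_id(self, sid, user):
        # Behaviour described in the thread: the pre-login id is simply
        # marked as authenticated, so the cookie value does not change.
        self.sessions[sid]["user"] = user
        return sid

    def login_rotate_id(self, sid, user):
        # Hardened: invalidate the pre-login id and issue a fresh one, so a
        # value known before authentication never becomes authenticated.
        self.sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = {"user": user}
        return new_sid


def pre_login_id_gets_authenticated(login):
    """Return True if the id issued before login is authenticated afterwards."""
    store = SessionStore()
    before = store.new_session()
    after = login(store, before, "alice")    # "alice" is a constructed user
    assert store.user_for(after) == "alice"  # the login itself must work
    return store.user_for(before) == "alice"


if __name__ == "__main__":
    print("keep id  :", pre_login_id_gets_authenticated(SessionStore.login_keep_id))
    print("rotate id:", pre_login_id_gets_authenticated(SessionStore.login_rotate_id))
```

The same before/after comparison can be run against a real application's login flow in an integration test: record the session cookie before authenticating and require that it is rejected afterwards.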