On Sunday 07 August 2005 20:27, Bipin Gautam wrote: > BUT, i remember testing it on PHPBB back then, i don't think you can > take over the session on that! (i may be wrong). YAP, but there are > LOTS of sites & applications out there from which you can easily steal > away sessions.
Well, if the client's IP address used for a given session is stored in a session variable it's not possible to steal an active session from another IP address. That's probably their way of working around this problem. - Vincent van Scherpenseel _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
