>And you get somebody else's hash value, how? It's present in the OP's code, so I'd assume Google [eventually] or visiting a vulnerable page. The question is: how secure is the backend? Imagine someone getting your hash, creating a specially crafted cookie, and injecting code on your "view my stolen cookies" page.
On Mon, May 7, 2012 at 8:03 AM, <[email protected]> wrote: > On Mon, 07 May 2012 02:27:33 +0530, karniv0re said: > > > And this is anonymous.. How?? > > Haven't checked, but if you set up the userid/password via Tor, should > be pretty anonymous. > > > http://www.getmycookie.com/view.m3?hash=<insert_hash_here> > > And you get somebody else's hash value, how? > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
