nt: Friday, June 07, 2002 1:44 AM
> To: [EMAIL PROTECTED]
> Subject: [PHP] the ?PHPSESSID=spoofme 'bug'
>
>
> Can I tell you more than what the subject says?
> proceeding:
> Close the browser, clean all your cookies, and open any page with that
> ?PHPSESSID=
Can I tell you more than what the subject says?
proceeding:
Close the browser, clean all your cookies, and open any page with that
?PHPSESSID=spoofme appended.
And see what happens.
1) No cookies are left
2) a session 'spoofme' is created
Do you need more? Javascript url injection ad cross site
2 matches
Mail list logo