subject:"\"\\\[PHP\\\] the \\\?PHPSESSID=spoofme 'bug'\""

RE: [PHP] the ?PHPSESSID=spoofme 'bug'

2002-06-11 Thread Johnson, Kirk

nt: Friday, June 07, 2002 1:44 AM > To: [EMAIL PROTECTED] > Subject: [PHP] the ?PHPSESSID=spoofme 'bug' > > > Can I tell you more than what the subject says? > proceeding: > Close the browser, clean all your cookies, and open any page with that > ?PHPSESSID=

[PHP] the ?PHPSESSID=spoofme 'bug'

2002-06-07 Thread Giancarlo Pinerolo

Can I tell you more than what the subject says? proceeding: Close the browser, clean all your cookies, and open any page with that ?PHPSESSID=spoofme appended. And see what happens. 1) No cookies are left 2) a session 'spoofme' is created Do you need more? Javascript url injection ad cross site