RE: [PHP] the ?PHPSESSID=spoofme 'bug'

2002-06-11 Thread Johnson, Kirk
, 2002 1:44 AM To: [EMAIL PROTECTED] Subject: [PHP] the ?PHPSESSID=spoofme 'bug' Can I tell you more than what the subject says? proceeding: Close the browser, clean all your cookies, and open any page with that ?PHPSESSID=spoofme appended. And see what happens. 1) No cookies are left 2

[PHP] the ?PHPSESSID=spoofme 'bug'

2002-06-07 Thread Giancarlo Pinerolo
Can I tell you more than what the subject says? proceeding: Close the browser, clean all your cookies, and open any page with that ?PHPSESSID=spoofme appended. And see what happens. 1) No cookies are left 2) a session 'spoofme' is created Do you need more? Javascript url injection ad cross