Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
From: morning_wood (se_cur_ityhotmail.com)
Date: Sat Oct 30 2004 - 21:13:05 CDT
this is the exact ISSUE !!!
YOU SCORE BONUS POINTS!!!
> Indeed, but surely the cookie information stored should be dependant on
> the user's authentication details? It makes sense to use semi-dynamic
> cookie information like this, making holes like this one a little more
> hard to 'gain and keep' access.
> > there is a [x] box..
> > "Don't ask for my password for 2 weeks."
> > this sets the users cookie. Gmail uses the cookie for authentication.
Full-Disclosure - We believe in it.