XSS and hijacking vuln at phpgroupware

From: Hokkaido (hokkaidoserverart.org)
Date: Mon Mar 22 2004 - 09:36:58 CST


  In http://www.securityfocus.com/advisories/5677 we can find an advisory
about an XSS vulnerability in phpgroupware. It talks about HTML tags and script
injections, but I didn't find anything about session hijacking.
  The raw way to see that is to copy the URL with SESSIONID while logged in and
paste it on another machine or in a different browser.

  This post is from a newbie, so comments, corrections, advice, and flames are
really welcome.

-- This mail is for the list only. Find me at hokkaidohush.com
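
Added example, not part of the original post and not phpgroupware code: a log check for the behaviour described above, where a session ID carried in the URL is accepted from a second machine or browser. It assumes Apache combined log format and a query parameter named `sessionid` (matched case-insensitively); the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample lines in Apache combined log format (not from the post).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Mar/2004:09:30:01 -0600] "GET /phpgroupware/index.php?sessionid=aaa111 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux)"
192.0.2.10 - - [22/Mar/2004:09:31:40 -0600] "GET /phpgroupware/index.php?menuaction=x&sessionid=aaa111 HTTP/1.1" 200 734 "-" "Mozilla/5.0 (X11; Linux)"
198.51.100.7 - - [22/Mar/2004:09:35:12 -0600] "GET /phpgroupware/index.php?sessionid=aaa111 HTTP/1.1" 200 512 "-" "Opera/7.23 (Windows NT 5.1)"
192.0.2.20 - - [22/Mar/2004:09:36:02 -0600] "GET /phpgroupware/index.php?SESSIONID=bbb222 HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.30 - - [22/Mar/2004:09:36:30 -0600] "GET /phpgroupware/login.php HTTP/1.1" 200 301 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
"""

# client IP, request target and user agent from one combined-format line
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "([^"]*)"'
)


def session_clients(log_text, param="sessionid"):
    """Map each session ID seen in a request URL to the clients that sent it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the assumed format
        ip, target, agent = match.groups()
        for key, value in parse_qsl(urlsplit(target).query):
            if key.lower() == param and value:
                seen[value].add((ip, agent))
    return seen


def shared_sessions(log_text, param="sessionid"):
    """Return session IDs presented by more than one (IP, user agent) pair."""
    clients = session_clients(log_text, param)
    return {sid: sorted(c) for sid, c in clients.items() if len(c) > 1}


if __name__ == "__main__":
    for sid, clients in shared_sessions(SAMPLE_LOG).items():
        print(sid, clients)
```

A hit is a lead rather than proof: a user who changes network or browser during one session produces the same pattern.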
