Bugtraq mailing list archives
Brute-Forcing Web Application Session IDs
From: dendler () idefense com
Date: Tue, 13 Nov 2001 09:52:53 -0500
Hello,

iDEFENSE Labs has released a paper entitled "Brute-Force Exploitation of Web Application Session IDs." It covers the basics of brute-forcing web applications through guessing or reverse engineering state session IDs which are often used for authentication purposes. Several examples are shown using some familiar web sites and applications on how stealing or mimicking a legitimate user's credentials is possible. All relevant vendors and site administrators were informed responsibly before publication.

The paper is available at http://www.idefense.com/sessionids.html

David Endler
Director, iDEFENSE Labs
dendler () idefense com
www.idefense.com