Bugtraq mailing list archives
Re: Wbb 2.3. xss
From: Adrian <adrian () planetcoding net>
Date: Sat, 4 Mar 2006 20:32:03 +0100
Thats not a real problem. You need a valid acp session id which is impossible to get unless you compromise the system of an administrator (it's not stored in a cookie). Additionally it's in the admin cp, so it's not exploitable by bad people unless you give them acp access.
Current thread:
- Wbb 2.3. xss r57shell (Mar 04)
- Re: Wbb 2.3. xss Adrian (Mar 06)