Full Disclosure mailing list archives
Re: Announcing "Session Destroyer" -- Invalidate yourwebapp logins with ease!
From: "Admin - Opencosmo Security" <admin () opencosmo com>
Date: Wed, 24 Dec 2008 14:39:26 +0100
Hi, yes it's not new but is beautiful view new PoC for study. Thank you and happy holidays. Alfredo Panzera Opencosmo Security www.opencosmo.com ----- Original Message ----- From: "Kristian Erik Hermansen" <kristian.hermansen () gmail com> To: <full-disclosure () lists grok org uk> Sent: Wednesday, December 24, 2008 2:20 PM Subject: [Full-disclosure] Announcing "Session Destroyer" -- Invalidate yourwebapp logins with ease!
The art of Crowd SuRFing the massess. This proof-of-concept handles most of the Alexa Top 100 websites that require logins. Mainly just US sites for now, but more will be added later. If you pull this into an IFRAME on your site, you can mess with lots of people. Nothing new. Just something fun for the season. Cheers and happy holidays :-) http://kristian.hermansen.googlepages.com/session.destroyer.html -- Kristian Erik Hermansen Have you tried Session Destroyer yet? <http://kristian.hermansen.googlepages.com/session.destroyer.html> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ __________ Information from ESET Smart Security, version of virus
signature database 3716 (20081224) __________
The message was checked by ESET Smart Security. http://www.eset.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Announcing "Session Destroyer" -- Invalidate your webapp logins with ease! Kristian Erik Hermansen (Dec 24)
- Re: Announcing "Session Destroyer" -- Invalidate yourwebapp logins with ease! Admin - Opencosmo Security (Dec 24)