Vulnerability Development mailing list archives
Re: Can you exploit this XSS?
From: "Sverre H. Huseby" <shh () thathost com>
Date: Fri, 21 Nov 2003 21:04:25 +0100

[Dawes, Rogan]

| I get your cookie, you log in on the next step, and the cookie
| does not change (for *MANY* applications). Now I have your cookie,
| and it is for an authenticated session.

For much more on this, see Mitja Kolsek's nice paper called "Session
Fixation Vulnerability in Web-based Applications" at

    http://www.acros.si/papers/session_fixation.pdf

Sverre.

-- 
shh () thathost com
http://shh.thathost.com/
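
The condition described in the quoted text (the cookie does not change at login) can be tested for directly. The sketch below is an added example, not part of the original message or the cited paper; `SessionStore` and `pre_login_id_survives` are hypothetical names, and the in-memory store is an assumed stand-in for a real application's session handling.

```python
import secrets


class SessionStore:
    """In-memory session table, constructed for illustration only."""

    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}  # session ID -> {"user": name or None}

    def get_or_create(self, cookie=None):
        # Accept only IDs this server issued; anything else gets a new one.
        if cookie in self.sessions:
            return cookie
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def login(self, cookie, user):
        sid = self.get_or_create(cookie)
        if self.regenerate_on_login:
            # Hardened path: invalidate the pre-login ID, issue a fresh one.
            del self.sessions[sid]
            sid = secrets.token_urlsafe(32)
        # Weak path falls through and promotes the pre-login ID in place.
        self.sessions[sid] = {"user": user}
        return sid

    def whoami(self, cookie):
        return self.sessions.get(cookie, {}).get("user")


def pre_login_id_survives(store, user="alice"):
    """True if a session ID known before login is authenticated afterwards."""
    known_before = store.get_or_create()
    store.login(known_before, user)
    return store.whoami(known_before) == user


if __name__ == "__main__":
    for regenerate in (False, True):
        store = SessionStore(regenerate_on_login=regenerate)
        print("regenerate_on_login=%s -> pre-login ID still valid: %s"
              % (regenerate, pre_login_id_survives(store)))
```

The same check works as a regression test against a real application: record the session cookie before authenticating and assert that it no longer maps to a logged-in session afterwards.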