Full Disclosure mailing list archives
Re: Referers Are Evil
From: Vincent van Scherpenseel <mailinglists () vanscherpenseel nl>
Date: Sun, 7 Aug 2005 22:41:53 +0200
On Sunday 07 August 2005 20:27, Bipin Gautam wrote:
> BUT, I remember testing it on PHPBB back then, I don't think you can take over the session on that! (I may be wrong). YAP, but there are LOTS of sites & applications out there from which you can easily steal away sessions.
Well, if the client's IP address used for a given session is stored in a session variable it's not possible to steal an active session from another IP address. That's probably their way of working around this problem.

- Vincent van Scherpenseel

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
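The check described in the reply above, sketched as an added example (not part of the original post and not phpBB's code): a session table that stores the client address at login and refuses the same session id from any other address. The class and function names are hypothetical, and the addresses are constructed values from the documentation ranges.

```python
import ipaddress
import secrets


def normalize_ip(raw):
    """Canonical form of a peer address; unwraps IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(raw)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


class IPBoundSessions:
    """In-memory session table that remembers the address each session started from."""

    def __init__(self):
        self._sessions = {}   # session id -> (user, address at login)
        self.rejected = []    # (session id, offending address), kept for alerting

    def login(self, user, client_ip):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, normalize_ip(client_ip))
        return sid

    def authenticate(self, sid, client_ip):
        """Return the user for sid, or None if it is unknown or comes from another IP."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        user, bound_ip = entry
        seen_ip = normalize_ip(client_ip)
        if seen_ip != bound_ip:
            self.rejected.append((sid, str(seen_ip)))
            return None
        return user


def demo():
    # Constructed addresses from the documentation ranges (RFC 5737).
    store = IPBoundSessions()
    sid = store.login("alice", "192.0.2.10")
    return {
        "owner": store.authenticate(sid, "192.0.2.10"),
        "owner_via_mapped_v6": store.authenticate(sid, "::ffff:192.0.2.10"),
        "other_ip": store.authenticate(sid, "198.51.100.7"),
        "unknown_sid": store.authenticate("not-a-session", "192.0.2.10"),
        "rejected": list(store.rejected),
    }


if __name__ == "__main__":
    print(demo())
```

The check only distinguishes addresses: a request carrying the session id from the same address (for example, from behind the same NAT or proxy) still passes, and a user whose address changes mid-session has to log in again.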