Full Disclosure mailing list archives
Re: Referers Are Evil
From: Nicolas Rachinsky <fd-0 () ml turing-complete org>
Date: Sun, 7 Aug 2005 22:54:55 +0200
* Vincent van Scherpenseel <mailinglists () vanscherpenseel nl> [2005-08-07 22:41 +0200]:
> On Sunday 07 August 2005 20:27, Bipin Gautam wrote:
> > BUT, I remember testing it on PHPBB back then, I don't think you can take over the session on that! (I may be wrong). YAP, but there are LOTS of sites & applications out there from which you can easily steal away sessions.
>
> Well, if the client's IP address used for a given session is stored in a session variable it's not possible to steal an active session from another IP address. That's probably their way of working around this problem.
What if the attacker is behind the same proxy?

Nicolas

--
http://www.rachinsky.de/nicolas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
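The IP binding Vincent describes, and the shared-proxy limit Nicolas raises, as an added illustration that is not part of the thread. The session store, the request model and the egress-IP map (all clients behind one proxy show the same address to the server) are constructed here.

```python
"""Session-to-IP binding as discussed in the thread, and its blind spot.

Added example, not code from the thread or from PHPBB. The session
store, the client names and the addresses below are constructed.
"""
import secrets
from typing import Dict, Optional

# session id -> {"user": ..., "ip": client IP recorded at login}
_sessions: Dict[str, dict] = {}

# Constructed topology: the server only ever sees the egress address.
# Two unrelated machines share one proxy; a third sits on another network.
EGRESS_IP = {
    "victim-pc": "203.0.113.10",
    "attacker-same-proxy": "203.0.113.10",
    "attacker-remote": "198.51.100.7",
}


def login(user: str, client_ip: str) -> str:
    """Create a session and store the IP the login request arrived from."""
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"user": user, "ip": client_ip}
    return sid


def resolve_session(sid: str, client_ip: str) -> Optional[str]:
    """Return the session's user, or None if the id is unknown or the
    presenting IP differs from the one stored at login (the thread's check)."""
    sess = _sessions.get(sid)
    if sess is None or sess["ip"] != client_ip:
        return None
    return sess["user"]


def request_as(host: str, sid: str) -> Optional[str]:
    """Simulate host presenting a (possibly leaked) session id to the server."""
    return resolve_session(sid, EGRESS_IP[host])


def demo() -> dict:
    """The binding stops reuse from another network, but a client behind
    the same proxy presents the same IP and is indistinguishable."""
    sid = login("alice", EGRESS_IP["victim-pc"])
    return {
        "owner_ok": request_as("victim-pc", sid) == "alice",
        "remote_rejected": request_as("attacker-remote", sid) is None,
        "same_proxy_accepted": request_as("attacker-same-proxy", sid) == "alice",
    }
```

The last key is the limitation from the reply above: an IP check adds nothing against a client that reaches the server through the same proxy, so it should not be the only thing protecting a session id that can leak.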