WebApp Sec mailing list archives
XSS and hijacking vuln at phpgroupware
From: "Hokkaido" <hokkaido () serverart org>
Date: Mon, 22 Mar 2004 15:36:58 -0000
In http://www.securityfocus.com/advisories/5677 we can find an advisory about XSS vulnerabilty at phpgroupware. It says about html tags and script inejctions, but I didn't find anything about session hijack. The raw way to see that is copy the URL with SESSIONID while logged and paste it at another machine or a different browser. This post is from a newbie so, comments, corrections, advices, flames are really welcome. -- This mail is for the list only. Find me at hokkaido () hush com ------------------------------------------------------------------ This email was checked by AMaViS anti-virus system ! Get yourself a free email address at http://mail.serverart.org
Current thread:
- XSS and hijacking vuln at phpgroupware Hokkaido (Mar 22)