[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Referers Are Evil
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Referers Are Evil
- From: Vincent van Scherpenseel <mailinglists@xxxxxxxxxxxxxxxxxx>
- Date: Sun, 7 Aug 2005 22:41:53 +0200
On Sunday 07 August 2005 20:27, Bipin Gautam wrote:
> BUT, i remember testing it on PHPBB back then, i don't think you can
> take over the session on that! (i may be wrong). YAP, but there are
> LOTS of sites & applications out there from which you can easily steal
> away sessions.
Well, if the client's IP address used for a given session is stored in a
session variable it's not possible to steal an active session from another
IP address. That's probably their way of working around this problem.
- Vincent van Scherpenseel
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/