Home page logo

basics logo Security Basics mailing list archives

IP Spoofing??
From: "pire pire" <pirepire69 () romandie com>
Date: Tue, 2 Dec 2003 23:02:07 +0100


I've found a vulnerability in a Web App which 
gave me via an XSS the sessionID token.

I would like to replay this token. But the 
session ID manager (on the server) seems to look 
also to IP adresses. 

So my question is: Is there a way to spoof my ip 
address in order to replay the sessionID??

and some how spoof of my IP?!

If I replay the sessionid from my machine or an 
other machine behind my NAT (same outside IP) it 

Thanks a lot for your help


La messagerie gratuite des romands : 10 MO !!!
Profitez-en ! >>> http://www.romandie.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]