Bugtraq: Re: RE: TimeTrex Time and Attendance Cookie Theft

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: RE: TimeTrex Time and Attendance Cookie Theft

From: hi () hi com
Date: 22 Aug 2008 18:53:29 -0000

Even if it did work, the user would have to submit the form with the username or password fields containing the exploit 
code rather then enter their own information.

Pretty unlikely to pull off.

Regardless I talked to the developers and any potential issue will be fixed in v2.2.13 which is scheduled to be 
released before August 25th 2008.

By Date By Thread

Current thread:

TimeTrex Time and Attendance Cookie Theft DoZ (Aug 21)
- RE: TimeTrex Time and Attendance Cookie Theft Alex Eden (Aug 22)
- Re: TimeTrex Time and Attendance Cookie Theft Mike (Aug 23)
- <Possible follow-ups>
- Re: RE: TimeTrex Time and Attendance Cookie Theft hi (Aug 22)