
Full Disclosure mailing list archives

Re: Slashdot: Gmail Accounts Vulnerable to XSS Exploit
From: "morning_wood" <se_cur_ity () hotmail com>
Date: Sat, 30 Oct 2004 19:13:05 -0700

this is the exact ISSUE !!!

Indeed, but surely the cookie information stored should be dependent on
the user's authentication details? It makes sense to use semi-dynamic
cookie information like this, making holes like this one a little more
hard to 'gain and keep' access.

there is a [x] box..

"Don't ask for my password for 2 weeks."

this sets the user's cookie. Gmail uses the cookie for authentication.

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
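
As an added illustration (not part of the original message, and not Gmail's implementation), here is one way to make a persistent-login cookie depend on the user's authentication details, as the quoted reply suggests: the token is MACed over the user's current password hash, so a password change invalidates it, and the cookie is marked HttpOnly so injected script cannot read it. `SERVER_KEY`, the `remember` cookie name, the token layout and the function names are assumptions, and user names are assumed not to contain `|`.

```python
import hashlib
import hmac
import time
from http.cookies import SimpleCookie

SERVER_KEY = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client
TWO_WEEKS = 14 * 24 * 3600            # lifetime of the "2 weeks" option, in seconds


def _mac(user, expires, password_hash):
    # Binding the MAC to the current password hash means a password change
    # invalidates every outstanding persistent-login cookie for that user.
    msg = f"{user}|{expires}|{password_hash}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(user, password_hash, now=None):
    """Build the Set-Cookie header value for a two-week persistent login."""
    now = int(time.time()) if now is None else int(now)
    expires = now + TWO_WEEKS
    cookie = SimpleCookie()
    cookie["remember"] = f"{user}|{expires}|{_mac(user, expires, password_hash)}"
    cookie["remember"]["max-age"] = TWO_WEEKS
    cookie["remember"]["httponly"] = True  # not exposed through document.cookie
    cookie["remember"]["secure"] = True    # only sent over HTTPS
    cookie["remember"]["path"] = "/"
    return cookie["remember"].OutputString()


def verify_token(token, lookup_password_hash, now=None):
    """Return the user name if the token is valid, else None."""
    now = int(time.time()) if now is None else int(now)
    parts = token.split("|")
    if len(parts) != 3 or not parts[1].isdecimal():
        return None
    user, expires, mac = parts[0], int(parts[1]), parts[2]
    current_hash = lookup_password_hash(user)
    if current_hash is None or expires < now:
        return None  # unknown user or expired token
    expected = _mac(user, expires, current_hash)
    return user if hmac.compare_digest(mac, expected) else None
```

HttpOnly only stops script from reading the cookie; script running in the page can still issue requests that carry it, so the XSS itself still has to be fixed.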
