|
Full Disclosure
mailing list archives
Re: Announcing "Session Destroyer" -- Invalidate yourwebapp logins with ease!
From: "Admin - Opencosmo Security" <admin () opencosmo com>
Date: Wed, 24 Dec 2008 14:39:26 +0100
Hi,
yes it's not new but is beautiful view new PoC for study.
Thank you and happy holidays.
Alfredo Panzera
Opencosmo Security
www.opencosmo.com
----- Original Message -----
From: "Kristian Erik Hermansen" <kristian.hermansen () gmail com>
To: <full-disclosure () lists grok org uk>
Sent: Wednesday, December 24, 2008 2:20 PM
Subject: [Full-disclosure] Announcing "Session Destroyer" -- Invalidate
yourwebapp logins with ease!
The art of Crowd SuRFing the massess. This proof-of-concept handles
most of the Alexa Top 100 websites that require logins. Mainly just
US sites for now, but more will be added later. If you pull this into
an IFRAME on your site, you can mess with lots of people. Nothing
new. Just something fun for the season. Cheers and happy holidays
:-)
http://kristian.hermansen.googlepages.com/session.destroyer.html
--
Kristian Erik Hermansen
Have you tried Session Destroyer yet?
<http://kristian.hermansen.googlepages.com/session.destroyer.html>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
__________ Information from ESET Smart Security, version of virus
signature database 3716 (20081224) __________
The message was checked by ESET Smart Security.
http://www.eset.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
Intro
