Geeklog Permanent Cookie Account Hijacking Vulnerability
Results 1 to 2 of 2

Thread: Geeklog Permanent Cookie Account Hijacking Vulnerability

  1. #1

    Geeklog Permanent Cookie Account Hijacking Vulnerability

    Geeklog is freely available, open-source weblog software. It allows users to create a virtual community area, complete with user administration, story posting, etc. It is possible to edit the UID in the cookie to that of another user to gain access to their account.
    This issue can be exploited to gain an administrative account with the service.

    Read more at www.xatrix.org if you want to be informed...
    Share on Google+

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    157

    shallow bug rpt

    The link you provided was redundant and didn't give very much more information than what you had posted on this board.

    I didn't find anything about it on SourceForge, either.


    Thanks for the "heads-up" though.
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
    Noah built the ark BEFORE it rained.


    http://ld.net/?rn
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-==-=
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •