-
January 12th, 2002, 10:58 PM
#1
Geeklog Permanent Cookie Account Hijacking Vulnerability
Geeklog is freely available, open-source weblog software. It allows users to create a virtual community area, complete with user administration, story posting, etc. It is possible to edit the UID in the cookie to that of another user to gain access to their account.
This issue can be exploited to gain an administrative account with the service.
Read more at www.xatrix.org if you want to be informed...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|