In-Reply-To: <20020714213121.A7F7E36F9@sitemail.everyone.net> >Instead of using something like @stake web proxy, could you also save the >html output of (/accounts/updateuserdesc.asp) locally and change username >to administrator and re-submit the form? I am not sure, it depends on how your browser handles the cookies. The login cookie is a ASP session cookie. >And how are they validating the user name after applying the patch ? You can look at the patch, it is in ASP, so you can read it. All it does is to select the users you have the rights to admin, and checks that the user you are editing is one of those users. > >Regards, >--------- >Muhammad Faisal Rauf Danka > >Chief Technology Officer >Gem Internet Services (Pvt) Ltd. >web: www.gem.net.pk
