Re: Wbb 2.3. xss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: Wbb 2.3. xss
From: Adrian <adrian@xxxxxxxxxxxxxxxx>
Date: Sat, 4 Mar 2006 20:32:03 +0100
In-reply-to: <20060304174215.26998.qmail@xxxxxxxxxxxxxxxxx>
References: <20060304174215.26998.qmail@xxxxxxxxxxxxxxxxx>
Reply-to: Adrian <adrian@xxxxxxxxxxxxxxxx>

Thats not a real problem.
You need a valid acp session id which is impossible to get unless you
compromise the system of an administrator (it's not stored in a
cookie).
Additionally it's in the admin cp, so it's not exploitable by bad
people unless you give them acp access.

References:
- Wbb 2.3. xss
  - From: r57shell

Prev by Date: Re: Various router DoS
Next by Date: vulnerability in the IE Java applet initialization engine
Previous by thread: Wbb 2.3. xss
Next by thread: Visual Studio 6.0 Buffer Overflow Vulnerability
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux