[Owasp-testing] Copy Cookies

Dave van Stein dvstein at gmail.com
Thu Jul 22 03:54:32 EDT 2010


2010/7/22 Stephen de Vries stephen at twisteddelight.org

>
> I wouldn't really call this a vulnerability, it's how 99% of the web
> applications on the internet work.
>

And 95% of the applications accept and use user input unvalidated ... Is that
not a vulnerability either then?

Session hijacking IS a vulnerability. You can prevent it and it should be
prevented.
The problem is that many apps where you can abuse this probably have more
easy-to-exploit vulnerabilities, so why bother exploiting it.


>
>
> Stephen