[Owasp-testing] Copy Cookies
Dave van Stein
dvstein at gmail.com
Thu Jul 22 03:54:32 EDT 2010
2010/7/22 Stephen de Vries stephen at twisteddelight.org
> I wouldn't really call this a vulnerability, it's how 99% of the web
> applications on the internet work.
And 95% of the application accept and use user input unvalidated ... Is that
not a vulnerability either then ?
Session hijacking IS a vulnerability. You can prevent it and it should be
The problem is that many apps where you can abuse this probabely have more
easy to exploit vulnerabilities to why bother exploiting it.
> Owasp-testing mailing list
> Owasp-testing at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-testing