|
Posted by julianmlp on 05/28/06 01:25
Janwillem Borleffs wrote:
> julianmlp@gmail.com wrote:
> > What I was wondering is: Is there any (simple/easy) way to hijack a
> > cookie remotely? (to be afraid of)
> >
>
> When you have the session ID, all you need to do is to pass it as a cookie
> header (not from a URL) to fake the call.
I forgot to mention that the cookie's value isn't the same as the
session ID value...
It's something like that:
$val = sha1($ID_session + $HiddenStringWhichNeverLeaveTheServer)
[Back to original message]
|