Cookie stealer misunderstanding

Discuss the many weaknesses of browser security and ways to mitigate the threat


Post by Tarof on Thu Apr 01, 2010 4:56 am

Hi, I'm an admin of a forum. I scanned my forum with Acunetix and found 2 XSS vulnerabilities:

-forum/admin/index.php/>"><ScRiPt>alert(574951540479)</ScRiPt>

-net:80/forum/admin/index.php/%22%3E%3Cscript%3Ealert(427441417062)%3C/script%3E%3Ctd%20class=%22p

It says I can do this alert, and I tried it and it works ... and I tried to use a cookie stealer instead of the alert and it sends nothing. I know my cookie stealer works because I already tried it on something else. Am I protected, or can someone still cause some trouble? How do I correct it?
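One way to correct findings like the two above, as an added example that is not part of the original post or of the forum software's own code. It assumes the admin page reflects the request path (for instance via `$_SERVER['PHP_SELF']`) into its HTML, which the thread does not confirm; `h()`, `self_url()` and `harden_session()` are hypothetical helper names, and the request values are constructed from the scanner output in the post.

```php
<?php
// Added example. Assumption: the page builds a link or form action from
// the request path, so anything after "index.php/" ends up in the HTML.

// Encode a value for HTML text or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// SCRIPT_NAME is the script's own path; unlike PHP_SELF it does not carry
// the client-supplied PATH_INFO suffix. It is still encoded on output.
function self_url(array $server): string
{
    return h($server['SCRIPT_NAME'] ?? '/');
}

// Call before session_start() (array form needs PHP 7.3+). HttpOnly keeps
// the session cookie out of document.cookie, which limits the damage if
// an injection point is missed somewhere else.
function harden_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // assumes the forum is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed request resembling the first scanner finding.
$server = [
    'SCRIPT_NAME' => '/forum/admin/index.php',
    'PHP_SELF'    => '/forum/admin/index.php/>"><ScRiPt>alert(574951540479)</ScRiPt>',
];

// Before: raw PHP_SELF inside an attribute; the quote closes the attribute.
$before = '<form action="' . $server['PHP_SELF'] . '">';
// After: fixed script name, encoded on output.
$after = '<form action="' . self_url($server) . '">';
// After, when the full path is really needed: encode it.
$after_full = '<form action="' . h($server['PHP_SELF']) . '">';

echo $before, PHP_EOL, $after, PHP_EOL, $after_full, PHP_EOL;
```

Run from the command line, the first printed line still contains a live `<ScRiPt>` tag, while the other two contain either no user input or only `&quot;`, `&lt;` and `&gt;` entities.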


Re: Cookie stealer misunderstanding

Post by sanddbox on Thu Apr 01, 2010 6:05 pm

Lawl, acunetix.

HTS User Composition:
95% Male
4.98% Female
.01% Monica
.01% Goat


Re: Cookie stealer misunderstanding

Post by Kazilmar on Thu Apr 01, 2010 6:08 pm

What? :( Acunetix is not a good scanner?


Re: Cookie stealer misunderstanding

Post by sanddbox on Thu Apr 01, 2010 6:12 pm

Kazilmar wrote: What? :( Acunetix is not a good scanner?

Lawl, 'good scanner'.


