[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wbb 2.3. xss

To: r57shell@xxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Wbb 2.3. xss
From: Adrian <adrian@xxxxxxxxxxxxxxxx>
Date: Sat, 4 Mar 2006 20:32:03 +0100

Thats not a real problem.
You need a valid acp session id which is impossible to get unless you
compromise the system of an administrator (it's not stored in a
cookie).
Additionally it's in the admin cp, so it's not exploitable by bad
people unless you give them acp access.

References:
- Wbb 2.3. xss
  - From: r57shell

Prev by Date: Re: Various router DoS
Next by Date: vulnerability in the IE Java applet initialization engine
Previous by thread: Wbb 2.3. xss
Next by thread: Visual Studio 6.0 Buffer Overflow Vulnerability
Index(es):
- Date
- Thread