[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit

To: <full-disclosure@xxxxxxxxxxxxxxxx>, <enune@xxxxxxxxxxx>
Subject: Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
From: "morning_wood" <se_cur_ity@xxxxxxxxxxx>
Date: Sat, 30 Oct 2004 19:13:05 -0700

this is the exact ISSUE !!!
YOU SCORE BONUS POINTS!!!


> Indeed, but surely the cookie information stored should be dependant on
> the user's authentication details? It makes sense to use semi-dynamic
> cookie information like this, making holes like this one a little more
> hard to 'gain and keep' access.
> 
> 
> > there is a [x] box..
> >
> > "Don't ask for my password for 2 weeks."
> >
> > this sets the users cookie. Gmail uses the cookie for authentication.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: n3td3v

References:
- [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: Shoshannah Forbes
- Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: Calum Power
- Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: morning_wood
- Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
  - From: Calum Power

Prev by Date: Re: [Full-Disclosure] Slightly off-topic: www.georgewbush.com
Next by Date: [Full-Disclosure] Re: I will be awaiting your immediate response.
Previous by thread: Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
Next by thread: Re: [Full-Disclosure] Slashdot: Gmail Accounts Vulnerable to XSS Exploit
Index(es):
- Date
- Thread