-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article <39297D24.A6A7797F@imeme.net>, mindlace <mindlace@imeme.net> writes
This link should show you all the cookies you have at www.zope.org:
http://www.securityspace.com%2fexploit%2fexploit_1b.html%3fdomain==.www.zope... /#exploit_1
Interesting. I run a JavaScript-free site anyway :-)
I will, however, look into other possibilities, like maybe your password could be filled in server side, if some appropriate check can be made.
That's what I do. I store the userid and a sessionid in the user's cookie cache as a permanent (optional) cookie, and if they both match with what I have saved server side, then I display the userid and password which has also been stored server side. Obviously this is also vulnerable :-(

- --
Regards, Graham Chiu
gchiu<at>compkarori.co.nz
http://www.compkarori.co.nz/index.php
Powered by Interbase and Zope

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBOSlKLbTRdIWzaLpMEQKsAQCcCDyUGBbH4iSP95kWtTW+JX5CrtkAoP3d
3QBPS4irbCnFOl442OgJgboG
=EJJM
-----END PGP SIGNATURE-----
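The scheme described in the message above, sketched as an added example that is not part of the original post or of any Zope code: a userid/sessionid cookie checked against server-side state, with the form prefill as described next to a variant that never sends the stored password back. All names, the in-memory stores and the sample account are assumptions constructed for illustration.

```python
import hmac
import secrets

# Constructed server-side state (hypothetical): userid -> sessionid, userid -> account.
SESSIONS = {}
ACCOUNTS = {"gchiu": {"password": "constructed-secret"}}


def login(userid):
    """Issue the persistent cookie pair (userid, sessionid) after a normal login."""
    sessionid = secrets.token_urlsafe(32)
    SESSIONS[userid] = sessionid
    return {"userid": userid, "sessionid": sessionid}


def _cookie_matches(cookie):
    """True when both cookie values match what is saved server side."""
    expected = SESSIONS.get(cookie.get("userid", ""))
    presented = cookie.get("sessionid", "")
    if expected is None:
        return False
    # Constant-time comparison so the check does not leak how much matched.
    return hmac.compare_digest(expected.encode(), presented.encode())


def prefill_as_described(cookie):
    """Scheme from the message: a matching cookie gets userid AND stored password."""
    if not _cookie_matches(cookie):
        return {}
    userid = cookie["userid"]
    return {"userid": userid, "password": ACCOUNTS[userid]["password"]}


def prefill_hardened(cookie):
    """Variant: the cookie only identifies the user; the password stays on the server."""
    if not _cookie_matches(cookie):
        return {}
    return {"userid": cookie["userid"]}


if __name__ == "__main__":
    cookie = login("gchiu")
    leaked = dict(cookie)  # any party holding a copy of the cookie looks identical
    print("as described:", prefill_as_described(leaked))
    print("hardened:    ", prefill_hardened(leaked))
```

In both variants a copied cookie is still accepted as that user's session; the second only keeps the reusable password out of the response.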