[Zope] Zope.org membership
Graham Chiu
anon_emouse@hotmail.com
Tue, 23 May 2000 14:54:36 +1300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <39297D24.A6A7797F@imeme.net>, mindlace <mindlace@imeme.net>
writes
>This link should show you all the cookies you have at www.zope.org:
>
>http://www.securityspace.com%2fexploit%2fexploit_1b.html%3fdomain==.www.zope.org/#exploit_1
>
Interesting. I run a JavaScript-free site anyway :-)
>
>I will, however, look into other possibilities, like maybe your password
>could be filled in server side, if some appropriate check can be made.
That's what I do. I store the userid and a sessionid in the user's
cookie cache as a permanent (optional) cookie, and if they both match
with what I have saved server side, then I display the userid and
password which has also been stored server side.
Obviously this is also vulnerable :-(
- --
Regards, Graham Chiu
gchiu<at>compkarori.co.nz
http://www.compkarori.co.nz/index.php
Powered by Interbase and Zope
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBOSlKLbTRdIWzaLpMEQKsAQCcCDyUGBbH4iSP95kWtTW+JX5CrtkAoP3d
3QBPS4irbCnFOl442OgJgboG
=EJJM
-----END PGP SIGNATURE-----
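
The cookie scheme described in the message above, next to a variant that never hands a password back, as an added example that is not part of the original post. The class names, the sample credentials and the hashing of the stored session id are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def same(a, b):
    """Constant-time comparison of two text values."""
    return hmac.compare_digest(str(a).encode(), str(b).encode())

class DescribedStore:
    """The scheme in the message: session id and password both kept server side."""
    def __init__(self):
        self.rows = {}                      # userid -> (sessionid, password)

    def login(self, userid, password):
        sessionid = secrets.token_urlsafe(32)
        self.rows[userid] = (sessionid, password)
        return {"userid": userid, "sessionid": sessionid}   # cookie contents

    def prefill(self, cookie):
        row = self.rows.get(cookie.get("userid"))
        if row and same(row[0], cookie.get("sessionid", "")):
            return {"userid": cookie["userid"], "password": row[1]}
        return {}

class HardenedStore:
    """Assumed alternative: store only a hash of the session id, return no password."""
    def __init__(self):
        self.rows = {}                      # userid -> sha256(sessionid)

    def login(self, userid):                # caller has already checked the password
        sessionid = secrets.token_urlsafe(32)
        self.rows[userid] = hashlib.sha256(sessionid.encode()).hexdigest()
        return {"userid": userid, "sessionid": sessionid}

    def resume(self, cookie):
        stored = self.rows.get(cookie.get("userid"))
        presented = hashlib.sha256(str(cookie.get("sessionid", "")).encode()).hexdigest()
        if stored and same(stored, presented):
            return cookie["userid"]
        return None

    def revoke(self, userid):               # server-side logout invalidates copied cookies
        self.rows.pop(userid, None)

if __name__ == "__main__":
    weak, hard = DescribedStore(), HardenedStore()
    copied = dict(weak.login("graham", "sample-password"))   # constructed values
    print("described scheme returns:", sorted(weak.prefill(copied)))
    print("hardened scheme returns:", hard.resume(dict(hard.login("graham"))))
```

In the described scheme, any holder of a copy of the cookie receives the stored password; in the variant, a copied cookie yields only the userid and stops working once `revoke` is called.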