Google Blogoscoped

Forum

Session handle

Jermy [PersonRank 0]

Wednesday, July 25, 2007
16 years ago2,208 views

accenturebicontest.com/

this site does'nt handle the session properly the directory are quite visible.
i think directory traversal is quite possible

go to this site using firefox . using webdeveloper tool remove PHPSESSID value ,then reload the page.They havent tested properly.

[Unlinked, just in case. -Philipp]

Suresh S [PersonRank 10]

16 years ago #

yes , tried it error on session management

Suresh S [PersonRank 10]

16 years ago #

There is one more problem. the site is prone to GET request attack a ampersand symbol to the parameter causes mysql errors

please login and use this
  
http://accenturebicontest.com/forum.php?id=&

Forum home

>> More posts

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!