An interesting question in this case is how to do an injection using
cookies, injection attacks are generally performed using post & get data
as they can be inserted to a link on another page. Getting a working
exploit would probably come down to how the browser implemented the
cookie security; w
>>
>> If this is the value directly from the cookie, it's an example of a
>> cross-site scripting (XSS) vulnerability.
>>
>>> header("Location: $HTTP_REFERER");
>>
>>
>> This is an HTTP response splitting vulnerability, because the Referer
>> header (like the Cookie header) is provided by the clie
tedd wrote:
It's not entirely clear from this example, but am I correct in
assuming that $thestyle is the same as $_COOKIE['thestyle'] in this
case? In other words, are you relying on register_globals or
assigning the value yourself?
If this is the value directly from the cookie, it's an
tedd wrote:
It's not entirely clear from this example, but am I correct in assuming
that $thestyle is the same as $_COOKIE['thestyle'] in this case? In
other words, are you relying on register_globals or assigning the value
yourself?
If this is the value directly from the cookie, it's an
Which "someone" could do this, is another question I have. The user? He's do
something to his own computer, no?
Gerry
On 3/14/06, tedd <[EMAIL PROTECTED]> wrote:
>
> Hi:
>
> I've been using a php style switcher allowing users to change css.
> The code follows:
>
> Within the head tags.
>
>
>
> W
5 matches
Mail list logo
