Web Application Security
*Note: Email address will appear as "user domain ext" to prevent harvesting.
RE: Unable to impersonate another user although having its cookie
Jul 01 2009 04:26PM
Hellman, Matthew (Hellman Matthew principal com)
>>The probe I do is opening two sessions with two different users (one
>>in internet explorer and one in firefox). Then I copy the cookie
>>belonging to one user and substitute it in a request done by the other
>>user (using WebScarab). The app throws an error and disconnects the
>>validated and le...
Copyright 2010, SecurityFocus