IMHO Webmail Account Hijacking Vulnerability
The following example was provided:

- Log in with a valid user/passwd
- Log out
- Go to URL: (((webmail_URL)))/(old_error,plain)/mail/error?error=1

This will cause the webserver to display a REFERER. This REFERER may be submitted to access another user's session.