Bugtraq mailing list archives
Re: RE: TimeTrex Time and Attendance Cookie Theft
From: hi () hi com
Date: 22 Aug 2008 18:53:29 -0000
Even if it did work, the user would have to submit the form with the username or password fields containing the exploit code rather then enter their own information. Pretty unlikely to pull off. Regardless I talked to the developers and any potential issue will be fixed in v2.2.13 which is scheduled to be released before August 25th 2008.
Current thread:
- TimeTrex Time and Attendance Cookie Theft DoZ (Aug 21)
- RE: TimeTrex Time and Attendance Cookie Theft Alex Eden (Aug 22)
- Re: TimeTrex Time and Attendance Cookie Theft Mike (Aug 23)
- <Possible follow-ups>
- Re: RE: TimeTrex Time and Attendance Cookie Theft hi (Aug 22)