There is a very similar trick: Often you also can take over PHP-session and get
authentificated as another user, if you just log referers of an image loaded
using [IMG][/IMG]. The user needs to have disabled cookies so that the
PHPSESSION is set in URL. This can be done automatically using a
alrighty,
How can this be done with header location being called in the middle
of the page?
img src=http://www.site.biz/test/test.jpg; border=0 /
Tested on phpbb 2.0.17 default install with a no go.
/str0ke
On 8/21/05, h4cky0u [EMAIL PROTECTED] wrote:
Hi,
Saw this one on www.waraxe.us
Hi,
Saw this one on www.waraxe.us (Discovered by Easyex) and i was
thinking if there are some more possibilities using the method
described. The POC below is for phpBB. -
==
make yourself a folder on your host
rename the folder to signature.jpg
this will trick bbcode that its an image
