Matt,
On 17-mrt-2006, at 10:26, [EMAIL PROTECTED] wrote:
p.s. ^^^ that email address does not work, and earlier reply got
bounced.
My problem with this report is this:
1) You've not even read the IPB code. You've stated elsewhere that
"using sessions in the URL may appear in JS pop-up wi
On Thu, 16 Mar 2006, [EMAIL PROTECTED] wrote:
This report is ridiculous and quite frankly shows that the author does not
understand how IPB works.
Yes, the author is correct in finding that if you: copy the user's IP address, copy the
user's user-agent and copy the user's session ID then th
Please don't take this discussion off-list. You need to hit the "Reply
to all" button in your Mozilla mailer.
Hans Wolters wrote:
Hans Wolters wrote:
Matt,
But you still need to see the session-id to be able to hijack the
session, and for that you need to see someone's desktop.
Once yo
Hans Wolters wrote:
Matt,
On 16-mrt-2006, at 15:55, [EMAIL PROTECTED] wrote:
This report is ridiculous and quite frankly shows that the author
does not understand how IPB works.
Yes, the author is correct in finding that if you: copy the user's IP
address, copy the user's user-agent and c
Hans,
My problem with this report is this:
1) You've not even read the IPB code. You've stated elsewhere that "using
sessions in the URL may appear in JS pop-up windows". IPB does NOT do this. IPB
removes the session ID for all links, including JS code when cookies are
enabled.
2) You're miss
Matt,
On 16-mrt-2006, at 15:55, [EMAIL PROTECTED] wrote:
This report is ridiculous and quite frankly shows that the author
does not understand how IPB works.
Yes, the author is correct in finding that if you: copy the user's
IP address, copy the user's user-agent and copy the user's sessio
This report is ridiculous and quite frankly shows that the author does not
understand how IPB works.
Yes, the author is correct in finding that if you: copy the user's IP address,
copy the user's user-agent and copy the user's session ID then they can
"hijack" your session.
That's because, to
Hi,
On Tue, Mar 14, 2006 at 07:32:16PM +0100, Hans Wolters wrote:
>
> Once you visit a site where Invision Board is used the first click on
> the Log In link points the visitor to a link with the session id in it:
>
> index.php?s=&act=Login&CODE=00
>
> If you copy this session id, login and s