Using nikto I was able to find the follow two issues:
This will allow me to exploit the fact that I can generate my own cookie, using another users session. i.e. Logging in as another user. And to create a click jacking site which will pretend to be the original site.
To get the PHPSESSID open up the web console (Ctrl+Shift+k) and enter:
document.cookie.match(/PHPSESSID=[^;]+/)28 Feb 2013 | Tags ( Exploit )
Website Last Updated on 4 Oct 2024 (CC BY-SA 4.0)
This site uses JQuery and nanogallery2 hosted by jsdelivr.net
for the Flickr photo feed and GoatCounter for user insights.