Not Just Paranoid

Another site by Pete Maynard

Click and cookie jacking

Using nikto I was able to find the following two issues:

This will allow me to exploit the fact that I can generate my own cookie using another user's session, i.e. log in as another user, and to create a click jacking site which will pretend to be the original site.

To get the PHPSESSID, open up the web console (Ctrl+Shift+k) and enter:

document.cookie.match(/PHPSESSID=[^;]+/)
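
The console lookup above only returns a value when the session cookie is set without the HttpOnly attribute, and a framing page only works when the response carries no anti-framing header. The following is an added example, not code from the original post, that checks a response's headers for both conditions; the function names, finding labels and sample header values are assumptions constructed for illustration.

```javascript
// Added example: audit response headers for a script-readable session cookie
// and for missing anti-framing protection. All sample values are constructed.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(line) {
  const [pair, ...rest] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// headers: array of [name, value] pairs (Set-Cookie may repeat).
function auditHeaders(headers, sessionCookie = 'PHPSESSID') {
  const findings = [];
  const get = (n) => headers.filter(([k]) => k.toLowerCase() === n).map(([, v]) => v);

  for (const c of get('set-cookie').map(parseSetCookie)) {
    // Without HttpOnly, page script can read the cookie via document.cookie.
    if (c.name === sessionCookie && !c.attrs.httponly) {
      findings.push('session-cookie-readable-by-script');
    }
  }

  // Framing is restricted by X-Frame-Options DENY/SAMEORIGIN, or by a CSP
  // frame-ancestors directive that is not a bare wildcard.
  const xfo = get('x-frame-options').map((v) => v.trim().toUpperCase());
  const directives = get('content-security-policy').join(';').toLowerCase()
    .split(';').map((d) => d.trim().split(/\s+/));
  const restricted =
    xfo.some((v) => v === 'DENY' || v === 'SAMEORIGIN') ||
    directives.some((t) => t[0] === 'frame-ancestors' && t.length > 1 && !t.includes('*'));
  if (!restricted) findings.push('page-can-be-framed');
  return findings;
}

const weak = [['Set-Cookie', 'PHPSESSID=abc123; path=/']];
const hardened = [
  ['Set-Cookie', 'PHPSESSID=abc123; Path=/; HttpOnly; Secure; SameSite=Lax'],
  ['X-Frame-Options', 'DENY'],
];
console.log(auditHeaders(weak), auditHeaders(hardened));
```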

28 Feb 2013 | Tags ( Exploit )

Website Last Updated on 13 Oct 2020 (CC BY-SA 4.0)
