Re: RE: TimeTrex Time and Attendance Cookie Theft

From: hi@hi.com
To: bugtraq@securityfocus.com
Cc:
Subject: Re: RE: TimeTrex Time and Attendance Cookie Theft
Date:


Even if it did work, the user would have to submit the form with the username or password fields containing the exploit code rather then enter their own information.

Pretty unlikely to pull off.

Regardless I talked to the developers and any potential issue will be fixed in v2.2.13 which is scheduled to be released before August 25th 2008.





Copyright © 1995-2021 LinuxRocket.net. All rights reserved.