XSS Security Bug: Wikidot should be using HttpOnly to solve the problem
Overview: the bad user Akarin_22c (account deleted for going against the ToS by bombing websites) found an XSS security bug. The cookie problem with this XSS is that HttpOnly is not set.
If HttpOnly is used, the XSS is unable to use the cookie to log in to other personal accounts.
So this is a good solution.
I STUPID.
I PREFER SPEAK CHINGLISH.
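A way to check for the condition the post describes, as an added example that is not part of the original thread or Wikidot's code: it parses `Set-Cookie` response headers and reports session cookies that page script can still read because `HttpOnly` is absent. It goes slightly beyond the post by also reporting a missing `Secure` flag; the header values and cookie names are constructed placeholders.

```python
# Added example: audit Set-Cookie headers for session cookies missing HttpOnly.
# The header values below are constructed samples, not captured from any site.
SAMPLE_SET_COOKIE = [
    "SESSION_ID=abc123; Path=/; Secure",
    "SESSION_ID=abc123; Path=/; Secure; HttpOnly",
    "theme=dark; Path=/",
    "auth_token=xyz; path=/; httponly; SameSite=Lax",
]

# Assumption: names of the cookies that carry login state on the audited site.
SESSION_COOKIE_NAMES = {"session_id", "auth_token"}


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit(headers, session_names=SESSION_COOKIE_NAMES):
    """Return (cookie name, missing flags) for each weak session cookie."""
    findings = []
    for header in headers:
        name, _, attrs = parse_set_cookie(header)
        if name.lower() not in session_names:
            continue  # non-session cookies may legitimately be script-readable
        missing = [flag for flag in ("httponly", "secure") if flag not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


if __name__ == "__main__":
    for name, missing in audit(SAMPLE_SET_COOKIE):
        print(f"{name}: missing {', '.join(missing)}")
```

`HttpOnly` only keeps script from reading the cookie; the XSS flaw itself still has to be fixed at the point where untrusted input reaches the page.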