카테고리 없음

gnuboard csrf

진모씨 2013. 1. 17. 12:26

gnuboard csrf exploit


first, get session key from cookie

ex) gq7v3u3led04lebg1tp7slr6i3

next, get session key.

/data/session/sess_gq7v3u3led04lebg1tp7slr6i3

(some sites can't be exploited by this method)

and use it!