|
Title: chatid hijacking Post by: rsd on January 21, 2010, 01:52:48 PM This seems to be a potential security issue, but I need to check further.
chatid is the id from the traffic table, which is created in $live->newvisitor(). however, $live->chatid() accepts it from a cookie, if not on session: Code: if (isset($_COOKIE['hcl_chatid']) && !isset($_SESSION['hcl_chatid'])) $_SESSION['hcl_chatid'] = $_COOKIE['hcl_chatid']; So an attacker can try to guess a chatid from another user. I am not sure yet to which extension this can be a problem, but I would like to hear from someone who knows better. |