tag: Exploit

Click and cookie jacking

28 Feb, 2013 - 1 minutes
Using nikto I was able to find the follow two issues: The anti-clickjacking X-Frame-Options header is not present. Cookie PHPSESSID created without the httponly flag This will allow me to exploit the fact that I can generate my own cookie, using another users session. i.e. Logging in as another user. And to create a click jacking site which will pretend to be the original site. To get the PHPSESSID open up the web console (Ctrl+Shift+k) and enter: