low-priority security / admin alert
Brought to you by:
lkcl
Menu
▾
▴
#4 low-priority security / admin alert
the cookie that is issued for the user is the same that
is issued for an administrator. therefore, an ordinary
user may take their cookie and submit it under a
different name, and might think that they can gain
admin privileges.
fortunately, this can only occur on browsers operating
from the ip range 192.168.1.* due to the internal
restrictions in the cgi scripts.