[VIM] WebAPP Audit

[WebAPP]

There was an attempt again today to hijack the admin account using altered cookies. This attempt was unsuccessful. We know who made the attempt and suspect it to be the same person as last time. This time the method was recorded. If the same method was used, apparently the current patch we are using on the site is successful at preventing this. There will be a new version out soon.

Guys, It's not very helpful to read about how people have found exploits and not be told what they are. We're trying our best at web-app.org to catch up with long neglected security issues. Any information you might have would be helpful.

Were you saying you found some exploits?

Jos Brown
web-app.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.attrition.org/pipermail/vim/attachments/20070321/7c3068b7/attachment-0001.html