Document cookies can allow an attacker to hijack sessions or log in with stolen credentials.
We've already described two typical vulnerabilities for Web application technologies: session riding and hijacking vulnerabilities, and injection vulnerabilities.
Technically, an ID can be mimicked by another user, and the original user can have the session hijacked.