XSS Security Bug: Wikidot should be using HttpOnly solve problem
googology 29 Apr 2024 14:08
Overview, the bad user Akarin_22c does not match any existing user name(Account delete for against ToS to bomber websites) found XSS security bug. The XSS with cookie problem is not setting Http-Only.
If use Http-Only, the XSS is unable to use the Cookie to login other personal account.
So this is a good solution.
I STUPID.
I PREFER SPEAK CHINGLISH.
Unfold
XSS Security Bug: Wikidot should be using HttpOnly solve problem by googology, 29 Apr 2024 14:08