I am confused about the PHPSESSID exploit. If I change document.cookie to another active user's (on a simple social media site like youtube or instagram [just an example]) PHPSESSID, will the page reload with me being logged into that user's account? Will I also need to know that user's password? Note: I will not actually do that but I want to learn what would happen. Thank you!
P.S I am not familiar with this so please excuse my lack of knowledge:)
Aucun commentaire:
Enregistrer un commentaire