If we have a website to test under grey hat for security vulnerabilities, do we report session hijacking as a bug since we can get session of another user after replacing their session id with ours??
Aucun commentaire:
Enregistrer un commentaire