Hacker News
by LordLandon 5601 days ago
Nothing's stopping the phishing site from going and logging in once the token's phished, and logging the cookie as opposed to just logging the password+token.

And you get a lot more seconds if you log in within those 10 seconds.