Example of XSS cookie stealing code?

From: Lachniet, Mark (mlachniet@sequoianet.com)
Date: Fri Dec 12 2003 - 08:49:01 EST


As a tangent on this conversation, does anyone have a good example they
would like to share of some tricky XSS cookie stealing code? (for
inclusion in HTML email, malicious web page, etc.)

Thanks,

Mark Lachniet

-----Original Message-----
From: Achim Dreyer [mailto:adreyer@math.uni-paderborn.de]
Sent: Thursday, December 11, 2003 11:55 AM
To: Rajesh Jose
Cc: pen-test@securityfocus.com
Subject: RE: XSS with encrypted cookie?

On Thu, 11 Dec 2003, Rajesh Jose wrote:

> Hi,
>
> I didn't get "encrypted session token cookie". Normally nobody will be
> encrypting a session token. So far as the session token is strongly
> random nothing can be achieved by encrypting it.
> Or did you mean secure cookie?
> Secure cookie is a cookie which can be fetched by the server only
> through an SSL channel.
>
> In all these cases "encrypted, not-encrypted and secured" it is possible
> to fetch a cookie through XSS attack and replay the session.
>
> Replaying of session token will not be possible if the application is using
> source IP for session validation.

.. unless of course when user and attacker live on the same system, which
is quite possible on any unix system or something like a citrix server
(farm).

Regards,
Achim Dreyer

--
A. Dreyer, Senior SysAdmin (UNIX&Network) / Internet Security Consultant
----------------------------------------------------------------------------
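
Added example, not part of the original posts: a minimal server-side sketch of the source-IP session validation discussed in the thread, showing from the defender's side why it rejects a token presented from another address but cannot tell two users apart when they share one host. The class name, cookie name and IP addresses are constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie


class IPBoundSessions:
    """Hypothetical session store that binds each token to the login source IP."""

    def __init__(self):
        self._sessions = {}  # token -> (user, source_ip)

    def login(self, user, source_ip):
        # A strongly random token; encrypting it would add nothing.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, source_ip)
        return token

    def set_cookie_value(self, token):
        # "Secure" restricts the cookie to SSL/TLS connections only.
        cookie = SimpleCookie()
        cookie["SESSION"] = token
        cookie["SESSION"]["secure"] = True
        cookie["SESSION"]["path"] = "/"
        return cookie["SESSION"].OutputString()

    def validate(self, token, source_ip):
        record = self._sessions.get(token)
        if record is None:
            return None          # unknown or expired token
        user, bound_ip = record
        if bound_ip != source_ip:
            return None          # token presented from a different address
        return user


def demo():
    # Constructed documentation addresses (RFC 5737).
    store = IPBoundSessions()
    token = store.login("alice", "192.0.2.10")
    return {
        # Legitimate request from the login address.
        "owner": store.validate(token, "192.0.2.10"),
        # Same token presented from another address: rejected.
        "other_address": store.validate(token, "198.51.100.7"),
        # Same token from a second user on the same multi-user host
        # (shared unix box, Citrix farm): the server sees the same IP.
        "same_host": store.validate(token, "192.0.2.10"),
    }


if __name__ == "__main__":
    print(demo())
```

The "same_host" result equals the "owner" result, so the IP check should be treated as one layer alongside short session lifetimes and fixing the XSS itself.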


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:44 EDT