Home page logo

pen-test logo Penetration Testing mailing list archives

XSS with encrypted cookie?
From: "pire pire" <pirepire69 () romandie com>
Date: Wed, 10 Dec 2003 08:44:07 +0100


I'm wondering if it's possible via a XSS attack to steal an 
encrypted cookie (actually it's a session token)? (with some 
javascript like: document.cookie etc...)

If yes, is it also possible to replay this cookie? (of course the 
session must still be valid on the server)

I know it works with regular cookie. 

Thanks a lot for your help


La messagerie gratuite des romands : 10 MO !!!
Profitez-en ! >>> http://www.romandie.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]