Home page logo
/

pen-test logo Penetration Testing mailing list archives

Example of XSS cookie stealing code?
From: "Lachniet, Mark" <mlachniet () sequoianet com>
Date: Fri, 12 Dec 2003 08:49:01 -0500

As a tangent on this conversation, does anyone have a good example they
would like to share of some tricky XSS cookie stealing code?  (for
inclusion in HTML email, malicious web page, etc.)

Thanks,

Mark Lachniet


-----Original Message-----
From: Achim Dreyer [mailto:adreyer () math uni-paderborn de]
Sent: Thursday, December 11, 2003 11:55 AM
To: Rajesh Jose
Cc: pen-test () securityfocus com
Subject: RE: XSS with encrypted cookie?


On Thu, 11 Dec 2003, Rajesh Jose wrote:

Hi,

I didn't get "encrypted session token cookie". Normally nobody will be
encrypting a session token. So far as the session token is strongly
random nothing can be achieved by encrypting it.
Or did you mean secure cookie? 
Secure cookie is a cookie which can be fetched by the server only
through a SSL channel.

In all these cases "encrypted, not-encrypted and secured" it is
possible
to fetch a cookie through XSS attack and replay the session. 

Replaying of session token will not possible if the application is
using
source IP for session validation.

.. unless of course when user and attacker live on the same system,
which
is quite possible on any unix system or something like a citrix server 
(farm). 




Regards,
Achim Dreyer
--
A. Dreyer, Senior SysAdmin (UNIX&Network) / Internet Security Consultant


------------------------------------------------------------------------
---
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Example of XSS cookie stealing code? Lachniet, Mark (Dec 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault