Vulnerability Development
mailing list archives
Re: Cookies
From: "Richard M. Smith" <rms () PRIVACYFOUNDATION ORG>
Date: Sun, 6 Aug 2000 16:28:15 -0400
Hi George,
Yep, I thought about it some. Never did any experiments, however.
I assume that it is illegal to break into someone else's Web server
in this way. The nickname I gave to the problem is "poison cookie".
It seems like it might happen pretty often. I doubt
a lot of programmers validate their cookie values since they
assume the values are okay because they wrote them in the first place.
The buffer overflows could occur in a number of different
places:
- The Web server software
- A database engine that is passed a cookie value
- A CGI script written in C or C++ that processes cookies
- The interface code that processes a cookie for a
scripting engine for a language like Perl, PHP,
VBScript or JavaScript.
Besides buffer overflows, it might also be possible to
break into a database if a cookie value is blindly pasted
into an SQL statement.
Richard
-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] On Behalf Of George
Sent: Sunday, August 06, 2000 10:21 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Cookies
A few friends of mine were discussing the possibility of a custom crafted
cookie replacing a valid cookie on a client machine being used to exploit
the web server that placed the first cookie on the client.
Has anyone looked at the possibility of editing a cookie to search
for/exploit buffer overflows in the server side code that reads
cookies? If there is any information on this sort of technique I would
appreciate a pointer.
Geo.
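
An added example, not part of either message above or of any project's code: a C routine for the "CGI script written in C" case that treats the Cookie header as untrusted input, bounding the copy and allow-listing the characters. The name get_cookie, the cookie name "session", the 32-byte buffer and the allow-list are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy the value of cookie `name` from a raw Cookie
 * header into `out`. Returns 0 on success, -1 if the cookie is absent,
 * -2 if the value does not fit in `out`, -3 if it contains a character
 * outside the assumed allow-list [A-Za-z0-9_-]. */
int get_cookie(const char *header, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = header;

    if (outsz == 0) return -2;
    out[0] = '\0';
    while (p && *p) {
        while (*p == ' ' || *p == ';') p++;        /* skip pair separators */
        const char *end = strchr(p, ';');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *val = p + nlen + 1;
            size_t vlen = plen - nlen - 1;
            if (vlen >= outsz) return -2;          /* reject, never truncate */
            for (size_t i = 0; i < vlen; i++) {
                unsigned char c = (unsigned char)val[i];
                if (!isalnum(c) && c != '_' && c != '-') return -3;
            }
            memcpy(out, val, vlen);                /* length checked above */
            out[vlen] = '\0';
            return 0;
        }
        p = end;                                   /* NULL after last pair */
    }
    return -1;
}

int main(void)
{
    /* Constructed sample headers, not captured traffic. */
    const char *samples[] = {
        "lang=en; session=abc123_XY",                        /* accepted */
        "session=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",  /* too long */
        "session=o'brien",                                   /* bad char */
    };
    char sid[32];
    for (size_t i = 0; i < 3; i++)
        printf("%d\n", get_cookie(samples[i], "session", sid, sizeof sid));
    return 0;
}
```

A value that passes this check should still reach a database as a bound parameter rather than being pasted into the SQL text.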