Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: RE: Cross Site Cooking

RE: Cross Site Cooking

From: Amit Klein (AKsecurity) <aksecurity_at_hotpop.com>
Date: Sun, 29 Jan 2006 17:56:30 +0000 (GMT)

    Problem #1 - trouble with these pesky foreigners
    ------------------------------------------------

    Both MSIE and Firefox seem to be perfectly happy with two-period
    ccTLDs domain cookies (.xxx.xx).

    In other words, one can set a cookie for *.com.pl or *.com.fr, and
    override or corrupt credentials or other parameters on hundreds of
    thousands e-commerce websites in that country. It will be also
    possible to plant attacker's session ID on visitor's computer,
    and effectively, steal his credentials when he decides to sign in
    on the target site.

I'm afraid this doesn't work for me.
 
I tried setting a cookie for .com.pl, and
I failed (that is, the browser did not respect
it). If you set a cookie for .kom.pl, it will be OK
(if you're in .kom.pl domain, that is).

The browsers (at least
IE 6.0) seem to be smarter, and use a more fine
grained strategy, e.g. something like:
http://spamassassin.apache.org/full/3.0.x/dist/lib/Mail/SpamAssassin/Util/
RegistrarBoundaries.pm
Received on Jan 29 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]