Penetration Testing mailing list archives

history.dat replay attack


From: spammailme () gmail com
Date: 9 Nov 2006 18:45:00 -0000

All –

Next, during a PT it was discovered the browser history stored the fully qualified domain and URI (i.e. www.example.com/secure/login.do?session=UYUYFIBV876760760hGUYGU)

Which can be extracted and replayed in another browser. There is a default timeout as a control, yet I want to have it removed when the session is terminated. It was still there after the browser was closed AND replayable.

Any possible solutions to this issue?

First, does anyone know the Windows equiv. of the *nix history.dat? What is the file name (ntuser.dat?) or path?

Thx
- Don
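
An audit sketch for the exposure described in this post, added here as an example and not part of the original message: it scans a list of URLs (for instance an exported browser history or a proxy log) for session identifiers carried in the query string or as a path parameter, and reports them with the value redacted. The parameter-name list and every sample URL except the one quoted in the post are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed list of parameter names that usually carry a session identifier;
# extend it with the names the application under review actually uses.
SESSION_PARAMS = {"session", "sessionid", "session_id", "sid",
                  "jsessionid", "phpsessid", "token"}
# Path parameters, e.g. /app/home;jsessionid=ABC123
PATH_PARAM = re.compile(r";([A-Za-z_]+)=[^;/]+")
_NAMES = "|".join(sorted(SESSION_PARAMS))
_REDACT = re.compile(r"(?i)([?&;](?:%s)=)[^&#;/?]+" % _NAMES)


def audit_url(url):
    """Return [(location, parameter_name)] for session-like values in url."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    hits = [("query", name) for name, value in parse_qsl(parts.query)
            if name.lower() in SESSION_PARAMS and value]
    hits += [("path", m.group(1)) for m in PATH_PARAM.finditer(parts.path)
             if m.group(1).lower() in SESSION_PARAMS]
    return hits


def redact(url):
    """Replace session values so the finding can be reported safely."""
    return _REDACT.sub(r"\1<redacted>", url)


def audit_history(urls):
    """Return [(redacted_url, hits)] for every URL that exposes a session id."""
    return [(redact(u), audit_url(u)) for u in urls if audit_url(u)]


# Constructed sample; the first entry is the URL quoted in the post.
SAMPLE_HISTORY = [
    "www.example.com/secure/login.do?session=UYUYFIBV876760760hGUYGU",
    "http://www.example.com/app/home;jsessionid=ABC123?page=2",
    "http://www.example.com/index.html?page=2",
]

if __name__ == "__main__":
    for url, hits in audit_history(SAMPLE_HISTORY):
        print(url, hits)
```

Any hit means the identifier is also written to browser history, proxy logs and Referer headers; the fix belongs on the server (a cookie-carried session identifier that is invalidated at logout).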
