Vulnerability Development mailing list archives

Re: Cookies

From: Crispin Cowan <crispin () WIREX COM>
Date: Sun, 6 Aug 2000 14:53:12 -0700

George wrote:

A few friends of mine were discussing the possibility of a custom crafted
cookie replacing a valid cookie on a client machine being used to exploit
the web server that placed the first cookie on the client.

Has anyone looked at the possibility of editing a cookie to search
for/exploit buffer overflows in the server side code that reads cookies? If
there is any information on this sort of technique I would appreciate a
pointer.


This sounds like an interesting variation on the "cross-site scripting" issue
announced early this year here http://www.cert.org/advisories/CA-2000-02.html
and here http://www.apache.org/info/css-security/index.html .  In both cases,
you're pretending to be "bigbiz.com" but actually sending data to
"badguyz.net".

Crispin

--
Crispin Cowan, Chief Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                          http://immunix.org

Current thread:

Re: Cookies, (continued)
- - - Re: Cookies Denis Ducamp (Aug 09)
    - Re: Cookies Kev (Aug 10)
    - Re: Cookies Denis Ducamp (Aug 10)
    - Re: Cookies Slawek (Aug 10)
    - Re: Cookies Modify (Aug 10)
- Re: Cookies Ryan Permeh (Aug 07)
- Re: Cookies Richard M. Smith (Aug 07)
  - Re: Cookies George (Aug 07)
    - Re: Cookies Crist Clark (Aug 09)
    - Re: Cookies J Edgar Hoover (Aug 12)
- Re: Cookies Crispin Cowan (Aug 07)
- Re: Cookies netsec [davidv] (Aug 08)
  - Re: Cookies Ryan Permeh (Aug 09)