WebApp Sec mailing list archives
Re: Can I obtain BASIC AUTH credentials using an XSS vulnerability
From: Jill Tovey <jill.tovey () bigbluedoor com>
Date: 5 Dec 2002 11:10:36 -0000
In-Reply-To: <F162mZkXb8C2GdIu6VX00013498 () hotmail com>

You can get the cookie to send to a page with an XSS exploit in it and use JavaScript to redirect it to a different page using document.cookie, so that the value is passed and recorded to a file. Thus getting their 'autologinid' value. Does that help?
From: "frank fish" <frankfish1962 () hotmail com>
To: webappsec () securityfocus com
Subject: Can I obtain BASIC AUTH credentials using an XSS vulnerability
Date: Mon, 02 Dec 2002 15:14:20 +0000
Message-ID: <F162mZkXb8C2GdIu6VX00013498 () hotmail com>
Hello, I have an application that uses IIS with basic authentication. The application has an XSS vulnerability that, when exploited, will allow me to collect the ASP Session Cookie from a logged-on user. However, this cookie is not enough for me to use to access the application; I need to get instead the BASE64 encoded authentication string. Is there a way to get this string via the XSS vulnerability?

Thanks for any advice,
Frank
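The question contrasts two credentials an XSS bug might expose: an ASP session cookie and the Basic authentication string. The following Python example, added here and not part of the thread, shows why the second is the more damaging one to leak: a Basic credential is only base64 of `user:password`, so it decodes straight back to the password and cannot be revoked server-side the way a session can. The request, host, user name, password and cookie value are all constructed placeholders.

```python
"""Added example (not from the original thread): what a Basic Authorization
header and an ASP session cookie each reveal if they leak."""
import base64

# Constructed sample request; host, user, password and cookie value are
# placeholders, not values taken from the mailing-list thread.
SAMPLE_REQUEST = (
    "GET /app/default.asp HTTP/1.1\r\n"
    "Host: intranet.example.test\r\n"
    "Authorization: Basic " + base64.b64encode(b"frank:S3cret!").decode() + "\r\n"
    "Cookie: ASPSESSIONIDQQGGGZZT=ABCDEFGHIJKLMNOPQRSTUVWX\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return the request line and a dict of lower-cased header names -> values."""
    head, _, _ = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def decode_basic(value):
    """Decode 'Basic <b64>' to (user, password); return None for other schemes
    or malformed tokens. The point: the 'encoded' string is the password."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password


def session_cookies(cookie_header):
    """Return {name: value} for cookies named like classic ASP session ids."""
    out = {}
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name.upper().startswith("ASPSESSIONID"):
            out[name] = value
    return out


def assess(raw):
    """Classify each credential-bearing header by what a leak of it yields:
    'reversible' means the password itself, 'opaque' means a revocable token."""
    _, headers = parse_headers(raw)
    findings = []
    if "authorization" in headers:
        creds = decode_basic(headers["authorization"])
        if creds:
            findings.append(("authorization", "reversible", creds[0]))
    if "cookie" in headers:
        for name in session_cookies(headers["cookie"]):
            findings.append(("cookie", "opaque", name))
    return findings


if __name__ == "__main__":
    for header, kind, ident in assess(SAMPLE_REQUEST):
        print(f"{header}: {kind} credential ({ident})")
```

Run stand-alone, the script reports the Authorization header as a reversible credential and the session cookie as an opaque one. For a defender the practical consequence is that a Basic credential disclosed anywhere (XSS, proxy logs, a captured request) is a password compromise requiring a reset, whereas a leaked session id can be invalidated by ending the session.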
Current thread:
- Can I obtain BASIC AUTH credentials using an XSS vulnerability frank fish (Dec 02)
- <Possible follow-ups>
- Re: Can I obtain BASIC AUTH credentials using an XSS vulnerability Jill Tovey (Dec 05)