WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Can I obtain BASIC AUTH credentials using an XSS vulnerbility

From: Jill Tovey <jill.tovey () bigbluedoor com>
Date: 5 Dec 2002 11:10:36 -0000
In-Reply-To: <F162mZkXb8C2GdIu6VX00013498 () hotmail com>

You can get the cookie to send to a page with an xss exploit in it and use 
javascript to redirect it to a different page using document.cookie, so 
that the value is passed and recorded to a file.

Thus getting their 'autologinid' value.

Does that help ?





Received: (qmail 6306 invoked from network); 2 Dec 2002 15:25:58 -0000
Received: from outgoing2.securityfocus.com (HELO 

outgoing.securityfocus.com) (205.206.231.26)

 by mail.securityfocus.com with SMTP; 2 Dec 2002 15:25:58 -0000
Received: from lists.securityfocus.com (lists.securityfocus.com 

[205.206.231.19])

      by outgoing.securityfocus.com (Postfix) with QMQP
      id 135B58F29C; Mon,  2 Dec 2002 07:27:36 -0700 (MST)
Mailing-List: contact webappsec-help () securityfocus com; run by ezmlm
Precedence: bulk
List-Id: <webappsec.list-id.securityfocus.com>
List-Post: <mailto:webappsec () securityfocus com>
List-Help: <mailto:webappsec-help () securityfocus com>
List-Unsubscribe: <mailto:webappsec-unsubscribe () securityfocus com>
List-Subscribe: <mailto:webappsec-subscribe () securityfocus com>
Delivered-To: mailing list webappsec () securityfocus com
Delivered-To: moderator for webappsec () securityfocus com
Received: (qmail 28726 invoked from network); 2 Dec 2002 14:53:06 -0000
X-Originating-IP: [161.114.142.52]
From: "frank fish" <frankfish1962 () hotmail com>
To: webappsec () securityfocus com
Subject: Can I obtain BASIC AUTH credentials using an XSS vulnerbility
Date: Mon, 02 Dec 2002 15:14:20 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F162mZkXb8C2GdIu6VX00013498 () hotmail com>
X-OriginalArrivalTime: 02 Dec 2002 15:14:20.0436 (UTC) FILETIME=

[7D24F540:01C29A15]


Hello,

I have an application that uses IIS with basic authentication. The 
application has a XSS vulnerability that when exploited will allow me to 
collect the ASP Session Cookie from a logged on user.

However, this cookie is not enough for me to use to access the 

application, 

I need to get instead the BASE64 encoded authentication string. Is there 

a 

way to get this string via the XSS vulnerability ?

Thanks for any advice, Frank






_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail
Previous By Date Next
Previous By Thread Next

Current thread: