WebApp Sec mailing list archives
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in To day's Web Applications"
From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 22 Dec 2004 19:21:38 +0100
* Noah Gray:
1) Most sites use some form of Session Expiration. The whole of this paper assumes the when the user is attacked, they are still logged in, and have a valid session cookie intact. In reality, this attack is only useful while a user is logged in, and shortly thereafter. Which, while being very plausible in intranet application, is unlikely in internet applications, except in focused attacks.
Not true if you attack web-based email services. 8-) There are rumors that some of them are vulnerable, and they make very interesting targets these days.
Other than that, this is very plausible attack that I would agree hasn't received enough attention. I would also add that in the case of the img tag in the email, an iframe could also be used, similar to recent viruses. It needn't even be visible.
A style sheet link has been reported to work as well, even in clients that don't retrieve external images.
Current thread:
- RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in To day's Web Applications" Noah Gray (Dec 20)
- RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Thomas Schreiber (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in To day's Web Applications" Ben Timby (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in To day's Web Applications" Florian Weimer (Dec 23)