WebApp Sec mailing list archives

Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications"


From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 22 Dec 2004 19:21:38 +0100

* Noah Gray:

> 1) Most sites use some form of Session Expiration. The whole of this paper
> assumes that when the user is attacked, they are still logged in, and have a
> valid session cookie intact. In reality, this attack is only useful while a
> user is logged in, and shortly thereafter. Which, while being very plausible
> in intranet applications, is unlikely in internet applications, except in
> focused attacks.

Not true if you attack web-based email services. 8-) There are rumors
that some of them are vulnerable, and they make very interesting
targets these days.

> Other than that, this is a very plausible attack that I would agree hasn't
> received enough attention. I would also add that in the case of the img tag
> in the email, an iframe could also be used, similar to recent viruses. It
> needn't even be visible.

A style sheet link has been reported to work as well, even in clients
that don't retrieve external images.

