WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Cookie poisoning without XSS

From: "Dr HenDre" <drhendre () gmail com>
Date: Fri, 25 Aug 2006 19:17:40 +0200
Hi Smith,

Perhaps XST (Cross Site Tracing) could do the job?
Take a look at the following references:
http://en.wikipedia.org/wiki/Cross-site_tracing
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
Perhaps you find it useful.


On 8/25/06, Smith Norton <smith.norton () gmail com> wrote:

I was reading about cookie poisoning. I want to know if there is any
way we can poision cookies if XSS vulnerability is not possible.

As far as I know, only in the presence of an XSS vulnerability,
cookies can be modified. Can anyone describe a method of cookie
poisoning even without XSS.

Small code snippets would be very helpful to me.

Smith

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download a Free Trial of AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnG
--------------------------------------------------------------------------




-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download a Free Trial of AppScan today! 

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnG
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: