RE: Cookie poisoning without XSS

["Richard M. Smith" <rms () computerbytesman com>]

Some Web sites also include server-side scripts which allow cookies to be
set from a URL.  The URLs look something like this:

    http://www.example.com/cgi-bin/setcookie.cgi?name=...value=....

Richard

P.S. This is not a good idea. ;-)

-----Original Message-----
From: Smith Norton [mailto:smith.norton () gmail com] 
Sent: Friday, August 25, 2006 10:17 AM
To: webappsec () securityfocus com
Subject: Cookie poisoning without XSS

I was reading about cookie poisoning. I want to know if there is any way we
can poision cookies if XSS vulnerability is not possible.

As far as I know, only in the presence of an XSS vulnerability, cookies can
be modified. Can anyone describe a method of cookie poisoning even without
XSS.

Small code snippets would be very helpful to me.

Smith

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself. 
Download a Free Trial of AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnG
--------------------------------------------------------------------------



-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download a Free Trial of AppScan today!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnG
--------------------------------------------------------------------------