Wanted: Script to email cookies
From: Joe Brown (joe_brown@senet-int.com)Date: 11/30/01
- Previous message: Perciaccante, Robert: "Extraction of cached credentials from NTUSER.DAT"
- Next in thread: Jeremiah Grossman: "Re: Wanted: Script to email cookies"
- Reply: Jeremiah Grossman: "Re: Wanted: Script to email cookies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 30 Nov 2001 09:06:49 -0000 Message-ID: <20011130090649.4799.qmail@mail.securityfocus.com> From: Joe Brown <joe_brown@senet-int.com> To: pen-test@securityfocus.com Subject: Wanted: Script to email cookies('binary' encoding is not supported, stored as-is)
I'm working on a pen test for a web application. After
the first time you successfully authenticate, the app
stores a cookie with username and password in clear
text. I've recently read the archive regarding
vulnerable IE browsers revealing cookies. I'd like to
go a step farther. Does anyone have a script that will
email the cookie? I'd like to craft an email with a link
and when a user clicks, it emails the cookie. I want
to show the client how dangerous it is to store a clear
text cookie. Also, any other method of cookie stealing
would be really appreciated. Thanks.
Joe
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Perciaccante, Robert: "Extraction of cached credentials from NTUSER.DAT"
- Next in thread: Jeremiah Grossman: "Re: Wanted: Script to email cookies"
- Reply: Jeremiah Grossman: "Re: Wanted: Script to email cookies"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
