XSS with encrypted cookie?

From: pire pire (pirepire69_at_romandie.com)
Date: 12/10/03

  • Next message: Alfred Huger: "Re: Education End Users about Passwords - Was - RE: john the ripper - DEAD THREAD"
    Date: Wed, 10 Dec 2003 08:44:07 +0100
    To: pen-test@securityfocus.com
    
    

    Hi,

    I'm wondering if it's possible via a XSS attack to steal an
    encrypted cookie (actually it's a session token)? (with some
    javascript like: document.cookie etc...)

    If yes, is it also possible to replay this cookie? (of course the
    session must still be valid on the server)

    I know it works with regular cookie.

    Thanks a lot for your help

    _______________________________________________

    La messagerie gratuite des romands : 10 MO !!!
    Profitez-en ! >>> http://www.romandie.com

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Alfred Huger: "Re: Education End Users about Passwords - Was - RE: john the ripper - DEAD THREAD"