Example of XSS cookie stealing code?

From: Lachniet, Mark (mlachniet_at_sequoianet.com)
Date: 12/12/03

    Date: Fri, 12 Dec 2003 08:49:01 -0500
    To: <adreyer@math.uni-paderborn.de>, "Rajesh Jose" <rajesh.jose@paladion.net>
    
    

    As a tangent on this conversation, does anyone have a good example they
    would like to share of some tricky XSS cookie stealing code? (for
    inclusion in HTML email, malicious web page, etc.)

    Thanks,

    Mark Lachniet

    -----Original Message-----
    From: Achim Dreyer [mailto:adreyer@math.uni-paderborn.de]
    Sent: Thursday, December 11, 2003 11:55 AM
    To: Rajesh Jose
    Cc: pen-test@securityfocus.com
    Subject: RE: XSS with encrypted cookie?

    On Thu, 11 Dec 2003, Rajesh Jose wrote:

    > Hi,
    >
    > I didn't get "encrypted session token cookie". Normally nobody will be
    > encrypting a session token. So far as the session token is strongly
    > random nothing can be achieved by encrypting it.
    > Or did you mean secure cookie?
    > Secure cookie is a cookie which can be fetched by the server only
    > through a SSL channel.
    >
    > In all these cases "encrypted, not-encrypted and secured" it is
    > possible to fetch a cookie through an XSS attack and replay the session.
    >
    > Replaying of session token will not be possible if the application is
    > using source IP for session validation.

    .. unless of course user and attacker live on the same system, which
    is quite possible on any unix system or something like a citrix server
    (farm).

    Regards,
    Achim Dreyer

    --
    A. Dreyer, Senior SysAdmin (UNIX&Network) / Internet Security Consultant
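Rajesh's source-IP session check and Achim's same-host caveat, worked through as an added Python example (not code from the thread); the in-memory session store and the IP addresses are constructed for illustration:

```python
# Added example (not from the thread): server-side session validation that
# binds each session token to the client's source IP, as Rajesh describes,
# and shows the limitation Achim raises: a replay from the same source IP
# (shared unix host, Citrix farm, NAT) still passes the check.
import secrets
import hmac

_sessions = {}  # token -> bound source IP (in-memory store, constructed for the example)

def create_session(client_ip):
    """Issue a strongly random session token bound to the client's source IP."""
    token = secrets.token_urlsafe(32)  # 256 bits of randomness; guessing is infeasible
    _sessions[token] = client_ip
    return token

def validate_session(token, client_ip):
    """Accept the token only if it exists and the request comes from the bound IP."""
    bound_ip = _sessions.get(token)
    if bound_ip is None:
        return False
    # constant-time comparison so a partial match cannot be detected via timing
    return hmac.compare_digest(bound_ip, client_ip)

def replay_demo():
    """Constructed scenario: a token leaked via XSS is replayed from two places."""
    victim_ip = "192.0.2.10"      # RFC 5737 documentation address
    attacker_ip = "198.51.100.7"  # different network: replay should be rejected
    token = create_session(victim_ip)
    return {
        "victim_ok": validate_session(token, victim_ip),
        "remote_replay": validate_session(token, attacker_ip),   # rejected by the IP binding
        "same_host_replay": validate_session(token, victim_ip),  # accepted: the gap Achim describes
        "forged_token": validate_session("not-a-real-token", victim_ip),
    }

if __name__ == "__main__":
    print(replay_demo())
```

The IP binding only narrows replay to the same source address; keeping the cookie out of script reach in the first place is still the primary defence.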
