Bugtraq mailing list archives
Evil Cookies.
From: iwade () OPTUSNET COM AU (Iain Wade)
Date: Wed, 2 Feb 2000 20:45:54 +1100
Hello, I have an evil cookie observation I'd like to share: While developing some CGI stuff, I noticed that my browser was sending a cookie which didn't make sense since I had control of that domain and I hadn't issues any cookies .. the name "CyberTargetAnonymous" didn't fill me with confidence either. After refreshing my knowledge of cookies at netscapes developer site below I noticed something strange: http://developer.netscape.com:80/docs/manuals/communicator/jsguide4/cookies.htm In the section "Determining a valid domain" is this little gem: <quote> If the domain attribute matches the end of the fully qualified domain name of the host, then path matching is performed to determine if the cookie should be sent. For example, a domain attribute of royalairways.com matches hostnames anvil.royalairways.com and ship.crate.royalairways.com. Only hosts within the specified domain can set a cookie for a domain. In addition, domain names must use at least two or three periods. Any domain in the COM, EDU, NET, ORG, GOV, MIL, and INT categories requires only two periods; all other domains require at least three periods. </quote> So my questions are these: a) Why would Netscape Communicator 4.7 accept a cookie like this (invalid -- only two periods): .com.au TRUE / FALSE 1264987602 CyberTargetAnonymous NMN000CDCF833FA08963E9BDBC6CAA59301 b) How can this be used by some mass marketing company to turn me into a number in their systems for sale to the highest bidder? Just because you're paranoid doesn't mean they're not all out to get you. -- Iain Wade <HR NOSHADE> <UL> <LI>application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature </UL>
Current thread:
- Re: Tempfile vulnerabilities Dug Song (Jan 31)
- <Possible follow-ups>
- Re: Tempfile vulnerabilities foo (Jan 31)
- Re: Tempfile vulnerabilities Grant Taylor (Jan 31)
- Re: Tempfile vulnerabilities Theo de Raadt (Feb 01)
- Microsoft Security Bulletin (MS00-007) Aleph One (Feb 01)
- Re: Tempfile vulnerabilities Werner Koch (Feb 02)
- Re: Tempfile vulnerabilities Theo de Raadt (Feb 02)
- Evil Cookies. Iain Wade (Feb 02)
- UPDATE: Sygate 3.11 Port 7323 Telnet Hole jalerta () nestworks com (Feb 03)
- Re: Evil Cookies. Joachim Feise (Feb 03)
- Re: Evil Cookies. Jon Paul, Nollmann (Feb 05)
- Reminder: BOF on Distributed DoS, San Jose 2/7/00 David Kennedy CISSP (Feb 06)
- Infosec.20000207.axis700.a Vitek, Ian (Feb 07)
- Re: Evil Cookies. Thomas Reinke (Feb 04)
- Re: Evil Cookies. Dylan Griffiths (Feb 07)
- 'cross site scripting' CERT advisory and MS Eric Lecht (Feb 08)
- Re: 'cross site scripting' CERT advisory and MS Dustin Miller (Feb 09)
- Re: 'cross site scripting' CERT advisory and MS David LeBlanc (Feb 10)