Bugtraq mailing list archives
Re: Podium CMS - Cookie Manipulation Exploit
From: "Steven M. Christey" <coley () mitre org>
Date: Wed, 9 May 2007 12:15:23 -0400 (EDT)
Hello,

Pardon me for being dense, but what exactly does "cookie manipulation" mean in this context? What is the vulnerability?

Looking at the following exploit code:

    <input name="id" size=75 value="<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>">

The (apparent) injection of a META tag suggests that the real issue is XSS. Do you mean that there's an XSS attack which could be used to modify cookies? Or are you talking about CSRF?

Where do 'cookiename' and 'cookievalue' come from?

Finally, while "Podium" does seem to be in heavy use, what is the actual product and vendor that's affected?

Thanks,
Steve
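Added example, not part of the original post or of any Podium code: a regression check for the markup-injection reading raised above, assuming the `id` value is reflected into an HTML page (the thread does not confirm this). `render_unsafe` and `render_escaped` are hypothetical templates; the check reports a cookie-setting META tag only when it parses as a real element.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: the value from the quoted form field, with '+' decoded to spaces.
PAYLOAD = "<meta http-equiv='Set-cookie' content='cookiename=cookievalue'>"


class MetaCookieFinder(HTMLParser):
    """Collects the content of each <meta http-equiv="set-cookie"> parsed as an element."""

    def __init__(self):
        super().__init__()
        self.cookies = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values may be None.
        a = {name: (value or "") for name, value in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "set-cookie":
            self.cookies.append(a.get("content", ""))


def render_unsafe(item_id):
    # Hypothetical template: reflects the parameter with no output encoding.
    return "<html><body><p>Item: " + item_id + "</p></body></html>"


def render_escaped(item_id):
    # Same hypothetical template with HTML entity encoding applied on output.
    return "<html><body><p>Item: " + escape(item_id, quote=True) + "</p></body></html>"


def injected_cookies(page):
    """Return the cookie strings a rendered page would set via META elements."""
    finder = MetaCookieFinder()
    finder.feed(page)
    finder.close()
    return finder.cookies


if __name__ == "__main__":
    print("unencoded:", injected_cookies(render_unsafe(PAYLOAD)))
    print("encoded:  ", injected_cookies(render_escaped(PAYLOAD)))
```
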