Penetration Testing mailing list archives
Wanted: Script to email cookies
From: Joe Brown <joe_brown () senet-int com>
Date: 30 Nov 2001 09:06:49 -0000
I'm working on a pen test for a web application. After the first time you successfully authenticate, the app stores a cookie with username and password in clear text. I've recently read the archive regarding vulnerable IE browsers revealing cookies. I'd like to go a step farther. Does anyone have a script that will email the cookie? I'd like to craft an email with a link and when a user clicks, it emails the cookie. I want to show the client how dangerous it is to store a clear text cookie. Also, any other method of cookie stealing would be really appreciated. Thanks. Joe ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Wanted: Script to email cookies Joe Brown (Nov 30)
- Re: Wanted: Script to email cookies Jeremiah Grossman (Nov 30)