Vulnerability Development mailing list archives

Cookies

From: George <georger () NLS NET>
Date: Sun, 6 Aug 2000 10:20:58 -0400

A few friends of mine were discussing the possibility of a custom crafted
cookie replacing a valid cookie on a client machine being used to exploit
the web server that placed the first cookie on the client.

Has anyone looked at the possibility of editing a cookie to search
for/exploit buffer overflows in the server side code that reads cookies? If
there is any information on this sort of technique I would appreciate a
pointer.

Geo.

Current thread:

Cookies George (Aug 06)
- Re: Cookies Denis Ducamp (Aug 07)
  - Re: Cookies Kev (Aug 09)
    - Re: Cookies Denis Ducamp (Aug 09)
    - Re: Cookies Kev (Aug 10)
    - Re: Cookies Denis Ducamp (Aug 10)
    - Re: Cookies Slawek (Aug 10)
    - Re: Cookies Modify (Aug 10)
- Re: Cookies Ryan Permeh (Aug 07)
- Re: Cookies Richard M. Smith (Aug 07)
  - Re: Cookies George (Aug 07)

(Thread continues...)