Vulnerability Development mailing list archives
Re: Cookies
From: Denis Ducamp <Denis.Ducamp () HSC FR>
Date: Sun, 6 Aug 2000 23:29:49 +0200
On Sun, Aug 06, 2000 at 10:20:58AM -0400, George wrote:
A few friends of mine were discussing the possibility of a custom crafted cookie replacing a valid cookie on a client machine being used to exploit the web server that placed the first cookie on the client. Has anyone looked at the possibility of editing a cookie to search for/exploit buffer overflows in the server side code that reads cookies? If
In the web server itself : no In an http application : no with a buffer overflow but yes to access application privileges. . The more often, the cookie is used to remember the login with which you authenticated. Change that cookie and you are someone else :-( ! . Other times, that cookie is used to remember which part of the web site you may access : change that cookie and you may access anywhere :-( ! Often the cookie is obfuscated with a pseudo cryptographic algorythm à la xor using a short fixed length key.
there is any information on this sort of technique I would appreciate a pointer.
Don't know such a public document. Denis Ducamp. -- Denis.Ducamp () hsc fr -- Hervé Schauer Consultants -- http://www.hsc.fr/
Current thread:
- Cookies George (Aug 06)
- Re: Cookies Denis Ducamp (Aug 07)
- Re: Cookies Kev (Aug 09)
- Re: Cookies Denis Ducamp (Aug 09)
- Re: Cookies Kev (Aug 10)
- Re: Cookies Denis Ducamp (Aug 10)
- Re: Cookies Slawek (Aug 10)
- Re: Cookies Modify (Aug 10)
- Re: Cookies Kev (Aug 09)
- Re: Cookies Denis Ducamp (Aug 07)
- Re: Cookies George (Aug 07)
- Re: Cookies Crist Clark (Aug 09)