Vulnerability Development mailing list archives

Re: Cookies


From: Denis Ducamp <Denis.Ducamp () HSC FR>
Date: Sun, 6 Aug 2000 23:29:49 +0200

On Sun, Aug 06, 2000 at 10:20:58AM -0400, George wrote:
> A few friends of mine were discussing the possibility of a custom crafted
> cookie replacing a valid cookie on a client machine being used to exploit
> the web server that placed the first cookie on the client.

> Has anyone looked at the possibility of editing a cookie to search
> for/exploit buffer overflows in the server side code that reads cookies? If

In the web server itself : no

In an HTTP application: not with a buffer overflow, but yes to access
application privileges.
. Most often, the cookie is used to remember the login with which you
  authenticated. Change that cookie and you are someone else :-( !
. Other times, that cookie is used to remember which part of the web site
  you may access : change that cookie and you may access anywhere :-( !

Often the cookie is obfuscated with a pseudo-cryptographic algorithm à la
xor using a short fixed length key.

> there is any information on this sort of technique I would appreciate a
> pointer.

Don't know such a public document.

Denis Ducamp.

--
Denis.Ducamp () hsc fr -- Hervé Schauer Consultants -- http://www.hsc.fr/
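
The reply above describes cookies that carry the authenticated login under XOR obfuscation with a short fixed key. The following is an added example, not part of the original post: it shows that such a cookie has no integrity protection (an altered byte still decodes to a login the server would trust), next to an HMAC-signed cookie that rejects any change. The keys, the `user=alice` value and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from itertools import cycle

XOR_KEY = b"k3y!"                           # constructed short fixed key (weak scheme)
MAC_KEY = b"constructed-server-side-secret"  # constructed; keep real keys in a secret store

def xor_encode(value: str) -> str:
    """Weak scheme: XOR with a repeating key, then base64. Hides, does not protect."""
    raw = bytes(b ^ k for b, k in zip(value.encode(), cycle(XOR_KEY)))
    return base64.urlsafe_b64encode(raw).decode()

def xor_decode(cookie: str) -> str:
    """Server side of the weak scheme: decodes whatever it is given."""
    raw = base64.urlsafe_b64decode(cookie)
    return bytes(b ^ k for b, k in zip(raw, cycle(XOR_KEY))).decode(errors="replace")

def flip_last_bit(cookie: str) -> str:
    """Simulate a client-side modification of one bit of the stored cookie."""
    raw = bytearray(base64.urlsafe_b64decode(cookie))
    raw[-1] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()

def sign(value: str) -> str:
    """Hardened scheme: value plus an HMAC-SHA256 tag computed with a server-only key."""
    tag = hmac.new(MAC_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"

def verify(cookie: str):
    """Return the value only if the tag matches; None for any altered or unsigned cookie."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(MAC_KEY, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison on bytes, so odd characters in the tag cannot raise.
    return value if hmac.compare_digest(tag.encode(), expected.encode()) else None

if __name__ == "__main__":
    weak = xor_encode("user=alice")
    print("weak, untouched :", xor_decode(weak))
    print("weak, modified  :", xor_decode(flip_last_bit(weak)))   # still accepted
    good = sign("user=alice")
    print("signed, untouched:", verify(good))
    print("signed, modified :", verify(good.replace("alice", "alicd")))  # rejected
```

Signing only detects modification; the login is still readable by the client, and a server-side session table keyed by a random identifier avoids storing identity in the cookie at all.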

