Vulnerability Development mailing list archives
Re: Cookies
From: "Richard M. Smith" <rms () PRIVACYFOUNDATION ORG>
Date: Sun, 6 Aug 2000 16:28:15 -0400
Hi George,

Yep, I thought about it some. Never did any experiments, however. I assume that it is illegal to break into someone else's Web server in this way.

The nickname I gave to the problem is "poison cookie". It seems like it might happen pretty often. I doubt a lot of programmers validate their cookie values since they assume the values are okay because they wrote them in the first place.

The buffer overflows could occur in a number of different places:

- The Web server software
- A database engine that is passed a cookie value
- A CGI script written in C or C++ that processes cookies
- The interface code that processes a cookie for a scripting engine for a language like Perl, PHP, VBScript or JavaScript.

Besides buffer overflows, it might also be possible to break into a database if a cookie value is blindly pasted into an SQL statement.

Richard

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of George
Sent: Sunday, August 06, 2000 10:21 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Cookies

A few friends of mine were discussing the possibility of a custom crafted cookie replacing a valid cookie on a client machine being used to exploit the web server that placed the first cookie on the client.

Has anyone looked at the possibility of editing a cookie to search for/exploit buffer overflows in the server side code that reads cookies? If there is any information on this sort of technique I would appreciate a pointer.

Geo.