WebApp Sec mailing list archives
Can I obtain BASIC AUTH credentials using an XSS vulnerbility
From: "frank fish" <frankfish1962 () hotmail com>
Date: Mon, 02 Dec 2002 15:14:20 +0000
Hello,I have an application that uses IIS with basic authentication. The application has a XSS vulnerability that when exploited will allow me to collect the ASP Session Cookie from a logged on user.
However, this cookie is not enough for me to use to access the application, I need to get instead the BASE64 encoded authentication string. Is there a way to get this string via the XSS vulnerability ?
Thanks for any advice, Frank _________________________________________________________________Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
Current thread:
- Can I obtain BASIC AUTH credentials using an XSS vulnerbility frank fish (Dec 02)
- <Possible follow-ups>
- Re: Can I obtain BASIC AUTH credentials using an XSS vulnerbility Jill Tovey (Dec 05)