Full Disclosure mailing list archives
Re: Cookiejacking attack technique
From: Владимир Воронцов <vladimir.vorontsov () onsec ru>
Date: Thu, 26 May 2011 00:00:33 +0400
Great work! Technique can be used to stealing any data. In example, content from remote iframes. And from any local file, i.e. browser cache, configs and other. But there is problem to open urls in file:// zone from http:// zone. Recently i founded Chrome vuln, which provide that. See https://docs.google.com/present/view?id=dcm4kmp7_18w8945rdw slides 20-23. In your work, you say about redirect in IE9, but it is didn't work for me (9.0.8112.16421). If it is possible to open file:// from http:// in IE9, then possible to stealing any local file without user actions :) On Wed, 25 May 2011 00:17:21 +0200, Rosario Valotta <valotta.rosario () gmail com> wrote:
Hi, last week, in two security conferences I showed a new attack technique called Cookiejacking that allows to steal session cookies without any
XSS
vulnerability. https://www.swisscyberstorm.com/speakers/valotta http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388 All previous approaches on the same topic used at least an XSS or a Man
in
the middle attack (eg Firesheep) to steal cookies. In this approach I use a 0-day vulnerabilty affecting all versions of IE
on
every Windows OS and an advanced Clickjacking attack in order to trick users in dragging & dropping their cookies. You can steal any cookie (http only, secure cookies, whatever the
website)
of every Win user! If it is interesting, on my blog you can find a writeup and a couple of videos. https://sites.google.com/site/tentacoloviola/cookiejacking Regards Rosario Valotta
-- Best regards, Vladimir Vorontsov ONsec security expert _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Cookiejacking attack technique Rosario Valotta (May 24)
- Re: Cookiejacking attack technique Владимир Воронцов (May 25)
- Re: Cookiejacking attack technique Rosario Valotta (May 25)
- Re: Cookiejacking attack technique Владимир Воронцов (May 25)