Penetration Testing mailing list archives
XSS with encrypted cookie?
From: "pire pire" <pirepire69 () romandie com>
Date: Wed, 10 Dec 2003 08:44:07 +0100
Hi, I'm wondering if it's possible via a XSS attack to steal an encrypted cookie (actually it's a session token)? (with some javascript like: document.cookie etc...) If yes, is it also possible to replay this cookie? (of course the session must still be valid on the server) I know it works with regular cookie. Thanks a lot for your help _______________________________________________ La messagerie gratuite des romands : 10 MO !!! Profitez-en ! >>> http://www.romandie.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- XSS with encrypted cookie? pire pire (Dec 10)
- Re: XSS with encrypted cookie? dd (Dec 11)
- RE: XSS with encrypted cookie? Rajesh Jose (Dec 11)
- RE: XSS with encrypted cookie? Achim Dreyer (Dec 11)