Penetration Testing mailing list archives

Example of XSS cookie stealing code?


From: "Lachniet, Mark" <mlachniet () sequoianet com>
Date: Fri, 12 Dec 2003 08:49:01 -0500

As a tangent on this conversation, does anyone have a good example they
would like to share of some tricky XSS cookie stealing code?  (for
inclusion in HTML email, malicious web page, etc.)

Thanks,

Mark Lachniet


-----Original Message-----
From: Achim Dreyer [mailto:adreyer () math uni-paderborn de]
Sent: Thursday, December 11, 2003 11:55 AM
To: Rajesh Jose
Cc: pen-test () securityfocus com
Subject: RE: XSS with encrypted cookie?


On Thu, 11 Dec 2003, Rajesh Jose wrote:

Hi,

I didn't get "encrypted session token cookie". Normally nobody will be
encrypting a session token. So far as the session token is strongly
random nothing can be achieved by encrypting it.
Or did you mean secure cookie? 
Secure cookie is a cookie which can be fetched by the server only
through a SSL channel.

In all these cases "encrypted, not-encrypted and secured" it is possible
to fetch a cookie through XSS attack and replay the session.

Replaying of session token will not be possible if the application is
using source IP for session validation.

.. unless of course when user and attacker live on the same system,
which is quite possible on any unix system or something like a citrix
server (farm).




Regards,
Achim Dreyer
--
A. Dreyer, Senior SysAdmin (UNIX&Network) / Internet Security Consultant
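
The source-IP session check discussed in this thread, as an added server-side sketch that is not part of the original messages: a hypothetical in-memory `SessionStore` (class, function names and addresses are constructed for illustration) binds each token to the login IP, records mismatches as a detection signal, and shows that a request from the same shared host cannot be told apart from the owner's.

```python
import secrets


class SessionStore:
    """Hypothetical in-memory session table; each token is bound to the login IP."""

    def __init__(self):
        self._sessions = {}   # token -> (user, bound_ip)
        self.alerts = []      # (user, bound_ip, seen_ip) for every IP mismatch

    def login(self, user, client_ip):
        # A strongly random token; encrypting it would add nothing.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, client_ip)
        return token

    def validate(self, token, client_ip):
        """Return the user if the token is known and the source IP matches."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, bound_ip = entry
        if client_ip != bound_ip:
            # A valid token arriving from a new address is worth alerting on.
            self.alerts.append((user, bound_ip, client_ip))
            return None
        return user


def replay_outcomes():
    """Run the cases from the thread against constructed sample addresses."""
    store = SessionStore()
    shared_host = "192.0.2.10"    # constructed: multi-user unix box or Citrix farm
    other_host = "198.51.100.7"   # constructed: unrelated remote address
    token = store.login("alice", shared_host)
    results = {
        "owner": store.validate(token, shared_host),
        "token_from_other_ip": store.validate(token, other_host),
        # Same token, same source address: the server sees exactly what it
        # sees for the owner, so the IP check passes for any user on that host.
        "token_from_shared_host": store.validate(token, shared_host),
        "unknown_token": store.validate("not-a-token", shared_host),
    }
    return results, store.alerts


if __name__ == "__main__":
    outcomes, alerts = replay_outcomes()
    for case, user in outcomes.items():
        print(f"{case:24} -> {user}")
    print("alerts:", alerts)
```
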

