Vulnerability Development mailing list archives
RE: Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)
From: "Jon Zobrist" <kgb () ussr com>
Date: Fri, 31 Aug 2001 08:05:54 -0600
I wouldn't blame Cold Fusion for making this easier; it's a developer's job to use their tool correctly. Allaire recommends scoping all variables all the time, and this would avoid a variable from the URL scope being used instead of one from the Session scope (where the real CFID and CFTOKEN are).

-Jon

<snip>
ColdFusion makes this attack even easier, because it allows its session tracking variables to be specified on the URL line. So, an attacker could force a predictable cookie value by passing a user a link, via e-mail, another web site, or as a bookmark. For example:
http://www.MyColdFusion.net?CFID=123&CFTOKEN=1111111
<snip>
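
An added example, not part of the original post and not ColdFusion's own code: a simplified Python model of the scoping point in the message above, comparing an unscoped lookup that lets a URL value win with a lookup that reads one scope only and accepts only server-issued identifiers. The class, the lookup order and the request dictionary are assumptions made for illustration, and the rotate-at-login option goes beyond what the post discusses.

```python
import secrets

# Assumption (simplified model): an unscoped lookup searches the URL scope
# before the cookie scope, so a value in a link can shadow the real one.
UNSCOPED_ORDER = ("url", "cookie")

class SessionStore:
    def __init__(self):
        self.sessions = {}  # (CFID, CFTOKEN) -> session data

    def issue(self):
        """Create a session under an unpredictable, server-chosen pair."""
        key = (str(secrets.randbelow(10**8)), secrets.token_hex(16))
        self.sessions[key] = {"user": None}
        return key

    def resolve_unscoped(self, request):
        """Weak: the first scope holding CFID/CFTOKEN wins; unknown pairs are adopted."""
        for scope in UNSCOPED_ORDER:
            params = request.get(scope, {})
            if "CFID" in params and "CFTOKEN" in params:
                key = (params["CFID"], params["CFTOKEN"])
                self.sessions.setdefault(key, {"user": None})
                return key
        return self.issue()

    def resolve_scoped(self, request):
        """Hardened: read the cookie scope only, accept only server-issued pairs."""
        cookie = request.get("cookie", {})
        key = (cookie.get("CFID"), cookie.get("CFTOKEN"))
        return key if key in self.sessions else self.issue()

    def login(self, key, user, rotate):
        """Bind a user to the session; rotate=True replaces the pair at login."""
        if rotate:
            del self.sessions[key]
            key = self.issue()
        self.sessions[key]["user"] = user
        return key

# Constructed request: the link from the post, opened by a user with no cookie yet.
LINK_REQUEST = {"url": {"CFID": "123", "CFTOKEN": "1111111"}, "cookie": {}}
KNOWN_PAIR = ("123", "1111111")

def link_pair_is_logged_in(scoped, rotate):
    """True if the pair carried in the link ends up naming the logged-in session."""
    store = SessionStore()
    resolve = store.resolve_scoped if scoped else store.resolve_unscoped
    store.login(resolve(LINK_REQUEST), "alice", rotate)
    return store.sessions.get(KNOWN_PAIR, {}).get("user") == "alice"
```

Only the unscoped lookup without rotation leaves the link's pair attached to the authenticated session; either control alone breaks that binding in this model.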