WebApp Sec mailing list archives

XSS and URL Encoded Session IDs

From: "B F" <zaphod_b71 () hotmail com>
Date: Mon, 16 Dec 2002 21:18:30 +0100

Hi List,

recently I did my first "real" WebApp Audit, so I´m quite
new to this topic. The application in case has lot´s of
XSS Vulnerabilities, but they are only accessible if you
already know the SessionID of a specific user. Example

https://somesite.com/bad.asp?SID=4243434234234234?ID=<xss string of choice>

As you may have noticed the site is only accessible via HTTPS.
So how to craft an URL which will trigger the XSS ? Don´t
I have to know the SessionID first?

The only thing I can think of is to exploit a client side vuln.
to get the SID.

Any better ideas?

BF






_________________________________________________________________

MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.http://join.msn.com/?page=features/virus

Current thread:

XSS and URL Encoded Session IDs B F (Dec 16)
- RE: XSS and URL Encoded Session IDs The Crocodile (Dec 17)
- Re: XSS and URL Encoded Session IDs Ryan Yagatich (Dec 17)
  - Re: XSS and URL Encoded Session IDs Matthew Miller (Dec 17)