WebApp Sec mailing list archives
RE: XSS and URL Encoded Session IDs
From: "The Crocodile" <tcroc () cow pasture com>
Date: Tue, 17 Dec 2002 07:10:12 -0500
How random is the entropy on the SessionIDs? If it can be easily (or at least semi-easily) predicted you have your answer. Try harvesting as many IDs as you can and see if you can find any patterns. Once you have a pattern discovered, write a script that keeps taking IDs. Once you see one of the IDs skipped you know that it was taken by someone else. Not the end-all be-all of ways to do it but it is something to think about.

--The Crocodile

-----Original Message-----
From: B F [mailto:zaphod_b71 () hotmail com]
Sent: Monday, December 16, 2002 3:19 PM
To: webappsec () securityfocus com
Subject: XSS and URL Encoded Session IDs

Hi List,

recently I did my first "real" WebApp Audit, so I'm quite new to this topic. The application in case has lots of XSS vulnerabilities, but they are only accessible if you already know the SessionID of a specific user.

Example:
https://somesite.com/bad.asp?SID=4243434234234234?ID=<xss string of choice>

As you may have noticed, the site is only accessible via HTTPS. So how to craft a URL which will trigger the XSS? Don't I have to know the SessionID first? The only thing I can think of is to exploit a client-side vuln. to get the SID. Any better ideas?

BF
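A defender-side version of the pattern check discussed in this thread, as an added example that is not part of either post: it inspects a sample of session IDs, collected in issue order from your own application, for sequential values and character positions that never change. The function names and both samples are constructed for illustration; the weak sample simply counts up from the SID shown in the example URL.

```python
import secrets
from collections import Counter
from math import log2

def numeric_deltas(ids):
    """Differences between consecutive IDs if every ID is decimal, else None."""
    if not all(i.isdigit() for i in ids):
        return None
    nums = [int(i) for i in ids]
    return [b - a for a, b in zip(nums, nums[1:])]

def position_entropy(ids):
    """Shannon entropy in bits observed at each character position."""
    result = []
    for column in zip(*ids):
        n = len(column)
        result.append(-sum(c / n * log2(c / n) for c in Counter(column).values()))
    return result

def assess(ids):
    """Return findings for a sample of session IDs listed in issue order."""
    findings = []
    if len(set(ids)) != len(ids):
        findings.append("duplicate IDs issued")
    deltas = numeric_deltas(ids)
    if deltas and len(set(deltas)) == 1:
        findings.append(f"constant increment of {deltas[0]}")
    elif deltas and all(0 < d < 1000 for d in deltas):
        findings.append("monotonic with small gaps")
    entropy = position_entropy(ids)
    fixed = sum(1 for e in entropy if e == 0.0)
    if fixed > len(entropy) // 2:
        findings.append(f"{fixed}/{len(entropy)} character positions never change")
    return findings

# Constructed sample: a counter-style generator (assumed weakness, not from the page).
WEAK = [str(4243434234234234 + 7 * i) for i in range(200)]
# Constructed sample: 128-bit IDs from the OS CSPRNG, the mitigation.
STRONG = [secrets.token_hex(16) for _ in range(200)]

if __name__ == "__main__":
    print("weak:  ", assess(WEAK))
    print("strong:", assess(STRONG))
```

An empty result only means these simple patterns were not seen in the sample; it does not show that the generator is unpredictable.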
Current thread:
- XSS and URL Encoded Session IDs B F (Dec 16)
- RE: XSS and URL Encoded Session IDs The Crocodile (Dec 17)
- Re: XSS and URL Encoded Session IDs Ryan Yagatich (Dec 17)
- Re: XSS and URL Encoded Session IDs Matthew Miller (Dec 17)