WebApp Sec mailing list archives
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications"
From: "Sverre H. Huseby" <shh () thathost com>
Date: Wed, 22 Dec 2004 12:56:43 +0100
[Elihu Smails] | But you have already stored the IP address of the attacker who | created the session. It sounds like you think about "Session Fixation", as described by Mitja Kolsek in 2002. With "Session Riding" (or "Web Trojans"), the attacker need not visit the target web site at all. Sverre.
Current thread:
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications", (continued)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Eran Tromer (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Elihu Smails (Dec 20)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Elihu Smails (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Sverre H. Huseby (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Joseph Miller (Dec 22)
- Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Florian Weimer (Dec 23)