WebApp Sec mailing list archives

RE: Cross Site Cooking

From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Mon, 30 Jan 2006 11:02:02 +0100 (CET)

On Sun, 29 Jan 2006, Amit Klein (AKsecurity) wrote:

I tried setting a cookie for .com.pl, and I failed (that is, the browser
did not respect it). If you set a cookie for .kom.pl, it will be OK (if
you're in .kom.pl domain, that is).


Amit,

Mozilla/Firefox/Netscape are vulnerable to this flaw (and probably so is
Konqueror). You are right in regard to MSIE 6, however - my apologies.

I tested the vulnerability with *.com.pl for Firefox, and then followed up
with a quicker test for *.ids.pl with MSIE, assuming it wouldn't implement
such a kludge - my bad.

So, to sum up - the first bug applies to Mozilla-based browsers, but not
to MSIE; the other two bugs apply to all browsers.

/mz

-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------

Current thread:

Cross Site Cooking Michal Zalewski (Jan 28)
- <Possible follow-ups>
- RE: Cross Site Cooking Amit Klein (AKsecurity) (Jan 29)
  - RE: Cross Site Cooking Michal Zalewski (Jan 30)
  - Re: Cross Site Cooking Aman Raheja (Jan 31)
    - Re: Cross Site Cooking Michal Zalewski (Feb 02)
- Re: Cross Site Cooking john-secfocus (Jan 31)
  - Re: Cross Site Cooking Erwan Legrand (Jan 31)
  - Re: Cross Site Cooking Michal Zalewski (Jan 31)
- RE: Cross Site Cooking Evans, Arian (Jan 31)