The term "Cookie Poisoning" usually refers to the act of manipulating cookie values (in one's own HTTP session) in order to perform illegal actions (e.g. SQL Injection, Session Hijacking, etc.) against web applications that rely on cookie values but do not properly validate them. XSS attacks may enable a malicious user to steal cookies from other users, as well as perform many other actions, through the injection of malicious client-side scripts (e.g. JavaScript, VBScript, etc.).
For example, some web sites also include server-side scripts which allow cookies to be set from a URL. The URLs look something like this:
http://www.example.com/cgi-bin
Or the content of a cookie can be set if there is an HTTP response splitting vulnerability in the application (a classic example is a broken redirection script):
http://www.site.com/xxx
which can result in:
| HTTP/1.1 301 Moved Permanently
| Location:
| Set-Cookie: cookie=value
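The two server-side checks this implies, as an added Python example that is not part of the original post: cookie values are HMAC-signed so edits made in the client are detected, and redirect targets containing CR/LF are refused so no extra Set-Cookie line can be injected into the response. SECRET_KEY and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed demo key (assumption); a real deployment loads a random secret
# from configuration and never hard-codes it.
SECRET_KEY = b"constructed-demo-key"


def _tag(value: str) -> str:
    return hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()


def sign_cookie(value: str) -> str:
    """Return 'value.tag', where tag is an HMAC-SHA256 over the value."""
    return f"{value}.{_tag(value)}"


def verify_cookie(cookie: str):
    """Return the original value, or None if the cookie was changed client-side."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag at all: an unsigned, attacker-supplied value
    # compare_digest avoids leaking the match position through timing.
    if hmac.compare_digest(tag.encode(), _tag(value).encode()):
        return value
    return None


def redirect_headers(target: str):
    """Build the headers of a 301 response, refusing response-splitting input."""
    # A CR or LF inside a header value starts a new header line (for example
    # Set-Cookie), so reject the request instead of trying to strip characters.
    if any(ch in target for ch in "\r\n\x00"):
        raise ValueError("control character in redirect target")
    return [("Location", target)]


if __name__ == "__main__":
    signed = sign_cookie("role=user")
    print(verify_cookie(signed))                           # value accepted
    print(verify_cookie(signed.replace("user", "admin")))  # tampered: None
    try:
        redirect_headers("/home\r\nSet-Cookie: cookie=value")
    except ValueError as exc:
        print("rejected:", exc)
```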
Or take a look at the following references:
http://en.wikipedia.org/wiki/Cross-site_tracing
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
greatz
for all member kendari-underground
ch302, napster_jr, 3l1te
::p1r4t3z::