Code Snippet:
http://example/.idc
Issuing a cookie using the META tag
This method is similar to the previous one, but also effective when
Cross site Scripting countermeasures prevent the injection of HTML
script tags, but not meta tags.
Code Snippet:
http://example/
content="sessionid=1234;%20domain=.example.dom >.idc
Issuing a cookie using an HTTP response header
The attacker forces either the target web site, or any other site in the
domain, to issue a session ID cookie. This can be achieved in many
ways:
Breaking into a web server in the domain (e.g., a poorly
maintained WAP server)
Poisoning a user's DNS server, effectively adding the attacker's
web server to the domain
Setting up a malicious web server in the domain (e.g., on a
workstation in Windows 2000 domain, all workstations are also
in the DNS domain)
Exploiting an HTTP response splitting attack
Note: A long term Session Fixation attack can be achieved by issuing
a persistent cookie (e.g., expiring in 10 years), which will keep the
session fixed even after the user restarts the computer.
20
Copyright 2004, Web Application Security Consortium. All rights reserved.
Unlimited Web Hosting
|
|
|
|
TotalRoute.net Business web hosting division of Vision Web Hosting Inc. All rights reserved. |