Code Snippet:
http://example/.idc
References
"Session Fixation Vulnerability in Web-based Applications", By Mitja Kolsek - Acros Security
http://www.acrossecurity.com/papers/session_fixation.pdf
"Divide and Conquer", By Amit Klein - Sanctum
http://www.sanctuminc.com/pdf/whitepaper_httpresponse.pdf
3 Client-side Attacks
The Client-side Attacks section focuses on the abuse or exploitation
of a web site's users. When a user visits a web site, trust is
established between the two parties both technologically and
psychologically. A user expects web sites they visit to deliver valid
content. A user also expects the web site not to attack them during
their stay. By leveraging these trust relationship expectations, an
attacker may employ several techniques to exploit the user.
3.1  Content Spoofing
Content Spoofing is an attack technique used to trick a user into
believing that certain content appearing on a web site is legitimate
and not from an external source.
Some web pages are served using dynamically built HTML content
sources. For example, the source location of a frame (<frame
src="http://foo.example/file.html">) could be specified
Copyright 2004, Web Application Security Consortium. All rights reserved.



