[prev in list] [next in list] [prev in thread] [next in thread] 

List:       webappsec
Subject:    Re: Can I obtain BASIC AUTH credentials using an XSS vulnerbility
From:       Jill Tovey <jill.tovey () bigbluedoor ! com>
Date:       2002-12-05 11:10:36
[Download RAW message or body]

In-Reply-To: <F162mZkXb8C2GdIu6VX00013498@hotmail.com>

You can get the cookie to send to a page with an xss exploit in it and use 
javascript to redirect it to a different page using document.cookie, so 
that the value is passed and recorded to a file.

Thus getting their 'autologinid' value.

Does that help ?




>Received: (qmail 6306 invoked from network); 2 Dec 2002 15:25:58 -0000
>Received: from outgoing2.securityfocus.com (HELO 
outgoing.securityfocus.com) (205.206.231.26)
>  by mail.securityfocus.com with SMTP; 2 Dec 2002 15:25:58 -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com 
[205.206.231.19])
>	by outgoing.securityfocus.com (Postfix) with QMQP
>	id 135B58F29C; Mon,  2 Dec 2002 07:27:36 -0700 (MST)
>Mailing-List: contact webappsec-help@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <webappsec.list-id.securityfocus.com>
>List-Post: <mailto:webappsec@securityfocus.com>
>List-Help: <mailto:webappsec-help@securityfocus.com>
>List-Unsubscribe: <mailto:webappsec-unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:webappsec-subscribe@securityfocus.com>
>Delivered-To: mailing list webappsec@securityfocus.com
>Delivered-To: moderator for webappsec@securityfocus.com
>Received: (qmail 28726 invoked from network); 2 Dec 2002 14:53:06 -0000
>X-Originating-IP: [161.114.142.52]
>From: "frank fish" <frankfish1962@hotmail.com>
>To: webappsec@securityfocus.com
>Subject: Can I obtain BASIC AUTH credentials using an XSS vulnerbility
>Date: Mon, 02 Dec 2002 15:14:20 +0000
>Mime-Version: 1.0
>Content-Type: text/plain; format=flowed
>Message-ID: <F162mZkXb8C2GdIu6VX00013498@hotmail.com>
>X-OriginalArrivalTime: 02 Dec 2002 15:14:20.0436 (UTC) FILETIME=
[7D24F540:01C29A15]
>
>Hello,
>
>I have an application that uses IIS with basic authentication. The 
>application has a XSS vulnerability that when exploited will allow me to 
>collect the ASP Session Cookie from a logged on user.
>
>However, this cookie is not enough for me to use to access the 
application, 
>I need to get instead the BASE64 encoded authentication string. Is there 
a 
>way to get this string via the XSS vulnerability ?
>
>Thanks for any advice, Frank
>
>
>
>
>
>
>_________________________________________________________________
>Tired of spam? Get advanced junk mail protection with MSN 8. 
>http://join.msn.com/?page=features/junkmail
>
>

[prev in list] [next in list] [prev in thread] [next in thread]