List: webappsec
Subject: Cross Site Scripting using HTTP server response payloads (need JS function to read a particular cook
From: auto125268 () hushmail ! com
Date: 2001-05-31 19:37:47
After looking at the web worm posting on bugtraq, I am playing around with
a site and have found some interesting places to cross-site script using
server responses. However the site I am looking at has 2 cookies. document.cookie
only returns the first. If I know the name of the cookie, how can I specify
a particular cookie using JavaScript?
Example
www.victim.com/hf;ksanf;ashdf;kjsadf<script>alert(document.cookie)</script>
returns a 404 page not found and spits back the URL I sent in.....
of course this gets executed client side
I want to return the RAM cookie not the persistent cookie.
Any ideas?
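
Added example, not part of the original post: the 404 behaviour described above (the requested URL echoed back into the error page) beside a form that HTML-encodes it, plus a session cookie issued with HttpOnly so page script cannot read it. The function names and the cookie name SESSIONID are assumptions made for illustration.

```javascript
// Added example. Function names and the cookie name are hypothetical.

// Encode the five characters that let text break out of HTML element
// content or a quoted attribute value.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Vulnerable form: the behaviour the post describes. The requested URL is
// copied into the 404 body as-is, so markup in it is parsed by the browser.
function render404Vulnerable(requestPath) {
  return "<html><body><h1>404 Not Found</h1><p>The requested URL " +
    requestPath + " was not found.</p></body></html>";
}

// Hardened form: the same page, with the URL encoded for the HTML body
// context before it is written out, so it is displayed as text.
function render404Escaped(requestPath) {
  return "<html><body><h1>404 Not Found</h1><p>The requested URL " +
    escapeHtml(requestPath) + " was not found.</p></body></html>";
}

// Session ("RAM") cookie: no Expires or Max-Age, so it is not persisted.
// HttpOnly keeps it out of document.cookie even if script does run.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Request path taken from the example in the post.
const samplePath = "/hf;ksanf;ashdf;kjsadf<script>alert(document.cookie)</script>";

console.log(render404Vulnerable(samplePath).includes("<script>")); // true
console.log(render404Escaped(samplePath).includes("<script>"));    // false
console.log("Set-Cookie: " + sessionCookieHeader("SESSIONID", "constructed-value"));
```

The encoding shown covers the HTML body context only; a URL reflected into an attribute, a script block or a redirect header needs the encoding for that context.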