From: Jill Tovey (jill.tovey_at_bigbluedoor.com)
Date: Thu Dec 05 2002 - 05:10:36 CST

    In-Reply-To: <F162mZkXb8C2GdIu6VX00013498hotmail.com>

    You can get the cookie to send to a page with an XSS exploit in it and use
    JavaScript to redirect it to a different page using document.cookie, so
    that the value is passed and recorded to a file.

    Thus getting their 'autologinid' value.

    Does that help?

    >From: "frank fish" <frankfish1962hotmail.com>
    >To: webappsecsecurityfocus.com
    >Subject: Can I obtain BASIC AUTH credentials using an XSS vulnerbility
    >Date: Mon, 02 Dec 2002 15:14:20 +0000
    >
    >Hello,
    >
    >I have an application that uses IIS with basic authentication. The
    >application has an XSS vulnerability that when exploited will allow me to
    >collect the ASP Session Cookie from a logged on user.
    >
    >However, this cookie is not enough for me to use to access the
    >application, I need to get instead the BASE64 encoded authentication
    >string. Is there a way to get this string via the XSS vulnerability?
    >
    >Thanks for any advice, Frank