Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Justin Case (weaver27earthlink.net)
Date: Thu May 09 2002 - 08:37:46 CDT
Ulf Harnhammar wrote:
> we can redirect to a site while setting a cookie by giving $url the value
> "http://www.kuro5hin.org/\015\012Set-Cookie: evil=natas". If the cookie
> contains important data and one user can save URL's that another user will be
> redirected to, this can be serious.
While doing a pentest for a major banking website, I showed them how an attacker
could use this technique to set a permanent cookie to an invalid value,
resulting in a permanant DOS against every user that encountered the attack.
They finally understood what I was saying when I locked up a manager's browser
and he couldn't get into his own site until I deleted his bad cookie. But they
still felt it would be too much work to fix it.