[ISN] Cross-subdomain Session Fixation

From: InfoSec News <alerts_at_private>
Date: Fri, 3 Sep 2010 01:28:55 -0500 (CDT)
http://blog.skeptikal.org/2010/09/cross-subdomain-session-fixation.html

By Mike Bailey 
skeptikal.org
September 2, 2010

Last fall I wrote a bit about cross-subdomain cookie attacks. As often 
as I come across more uses for them, I think that they are a much more 
serious issue than most people (myself included) have made them sound. 
Today, I came across a variant which I'd theorized about in the past, 
but never bothered to find in the wild, and I think it merits some 
attention.

You may be familiar with Hack Is Wack- a stupid marketing campaign from 
Norton/Symantec. The premise is simple: users submit videos, which are 
voted on, and the winner gets to roll with Snoop Dogg...'s manager. You 
may not know it, but most of Snoop's music is information 
security-related. "What's My Name" is about AuthN, "Drop it like it's 
Hot" is about SQL injection, not to mention constant references to cron, 
gzip, and other unix commands in his lyrics. It's really a pretty 
natural match.

At any rate, the Hack is Wack site is chock full of holes. For example, 
there's the publicly available, indexed cache directory with all that 
SQL, JSON and other data. There's the XSS vulns (HTML5 only, though it 
should be simple enough to rewrite), CSRF holes, and the Flash upload 
issues in the video upload script (a Joomla module that appears to have 
been used without any quality control or review despite the fact that 
it's currently in Alpha)

[...]


_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn
Received on Thu Sep 02 2010 - 23:28:55 PDT

This archive was generated by hypermail 2.2.0 : Thu Sep 02 2010 - 23:43:59 PDT