I'm working on a pen test for a web application. After the first time you successfully authenticate, the app stores a cookie with username and password in clear text. I've recently read the archive regarding vulnerable IE browsers revealing cookies. I'd like to go a step farther.

Does anyone have a script that will email the cookie? I'd like to craft an email with a link and when a user clicks, it emails the cookie. I want to show the client how dangerous it is to store a clear text cookie.

Also, any other method of cookie stealing would be really appreciated.

Thanks.

Joe

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 09:17:53 PST