I have recently been testing a new dynamic website that my company is coding and found multiple areas vulnerable to cross-site scripting. I wrote code to retrieve someone's document.cookie with their ASPSESSIONID; however, I am not quite sure how I can use that to then hijack their session. If this is not possible, then I am not going to take the time to fix the cross-site scripting problems. The reason I think it might not be possible is because the site uses a single ASP file and sends a generated random id # as the query string, which is then referenced by our database to get the corresponding real query string. Wouldn't I need to connect to the server with a cookie (ASPSESSIONIDxxx=xxxxxxx) to webpath/script.asp?xxxxx and know that id after the question mark? This wouldn't be possible just having the cookie, I don't think.

Also, what other possibilities are there to exploit the cross-site scripting hole? For example, if there was an error page that only the user submitting the false URL can see, then what damage could be done? If anyone can post common ways to exploit both cross-site scripting holes where other users run your code and also ones where only you load the page with your code, that would be appreciated.

Thanks.

-John Allen Scimone (jscimoneat_private)
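For the reflected query-string id the post describes, here is an added example (not code from the original post or from the company's site) showing the unencoded output beside a hardened form in classic ASP; the parameter name "id", the page markup and the alphanumeric id format are assumptions.

```asp
<%
' Added example; the query-string parameter name "id" and the
' alphanumeric format of the generated id are assumed, not from the post.
Dim rawId
rawId = Request.QueryString("id")

' Reject ids that do not match the format the database generates, so
' unexpected input never reaches the lookup or the page at all.
Dim re
Set re = New RegExp
re.Pattern = "^[A-Za-z0-9]{1,32}$"
If Not re.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.Write "<p>Invalid request id.</p>"
    Response.End
End If

' Vulnerable form (kept commented out): writing the parameter back
' unencoded lets attacker-supplied markup run in the visiting user's
' browser, which is how document.cookie and the ASPSESSIONID it holds
' can be read by injected script.
' Response.Write "<p>Request id: " & rawId & "</p>"

' Hardened form: encode for the HTML context before writing it out.
' Server.HTMLEncode turns <, >, & and " into entities, so the value is
' displayed as text rather than interpreted as markup.
Response.Write "<p>Request id: " & Server.HTMLEncode(rawId) & "</p>"
%>
```

Both the format check and the encoding are needed: the check protects the database lookup and error page, while the encoding protects every place the value is echoed, including any error page that only the submitting user sees.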
This archive was generated by hypermail 2b30 : Tue Oct 02 2001 - 12:50:18 PDT