Ulf Harnhammar wrote: > we can redirect to a site while setting a cookie by giving $url the value > "http://www.kuro5hin.org/\015\012Set-Cookie: evil=natas". If the cookie > contains important data and one user can save URL's that another user will be > redirected to, this can be serious. While doing a pentest for a major banking website, I showed them how an attacker could use this technique to set a permanent cookie to an invalid value, resulting in a permanant DOS against every user that encountered the attack. They finally understood what I was saying when I locked up a manager's browser and he couldn't get into his own site until I deleted his bad cookie. But they still felt it would be too much work to fix it.
This archive was generated by hypermail 2b30 : Thu May 09 2002 - 09:53:25 PDT