I am currently studying about session fixation techniques and read this article about it: http://ift.tt/ONZgLV
In example 2 and 3, it states that I can presumably set the cookie of a user that loads a resource using the following URLS:
http://ift.tt/24wQ1SY;
http://ift.tt/1W7W8MG http-equiv=Set-Cookie content=”sessionid=abcd”>
Does this mean that the browser processes these tags when processing URLS? I have tried executing scripts embedded in urls that load iframes and could not get them to execute even when I url encoded the script tags.
EDIT
I also think that the problem would be when the url is displayed to other users and the script executes. However, the nature of session fixation is having a user's cookie set by an attacker prior to log in in order for the attacker to hijack the session when the user logs in. This is in contrast to usual XSS attacks that attempts to steal the user's cookie to hijack the session. If that is the case, should not the user be at the target site first in order for the above scripts to change the browser cookies for the target site? In my understanding, browser cookies is a per site basis. So if the above script executes in any other site aside from the target site, the cookies would be set to the site the user is currently on and not to the target site. Is my understanding correct?
Aucun commentaire:
Enregistrer un commentaire