Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

Can I obtain BASIC AUTH credentials using an XSS vulnerbility

From: frank fish <frankfish1962(at)hotmail.com>
Date: Mon Dec 02 2002 - 10:14:20 EST

Hello,

I have an application that uses IIS with basic authentication. The application has a XSS vulnerability that when exploited will allow me to collect the ASP Session Cookie from a logged on user.

However, this cookie is not enough for me to use to access the application, I need to get instead the BASE64 encoded authentication string. Is there a way to get this string via the XSS vulnerability ?

Thanks for any advice, Frank

Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail Received on Mon Dec 2 10:30:08 2002

This message: [ Message body ]
Next message: Keith T. Morgan: "FW: Top Ten Web App Sec Problems"
Previous message: Mark Curphey: "Great XML Security Primer"
Next in thread: Jill Tovey: "Re: Can I obtain BASIC AUTH credentials using an XSS vulnerbility"
Reply: Jill Tovey: "Re: Can I obtain BASIC AUTH credentials using an XSS vulnerbility"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:44 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library