Hosting Provided By

XSS and URL Encoded Session IDs

From: B F <zaphod_b71(at)hotmail.com>
Date: Mon Dec 16 2002 - 15:18:30 EST

Hi List,

recently I did my first "real" WebApp Audit, so I´m quite new to this topic. The application in case has lot´s of XSS Vulnerabilities, but they are only accessible if you already know the SessionID of a specific user. Example

https://somesite.com/bad.asp?SID=4243434234234234?ID=<xss string of choice>

As you may have noticed the site is only accessible via HTTPS. So how to craft an URL which will trigger the XSS ? Don´t I have to know the SessionID first?

The only thing I can think of is to exploit a client side vuln. to get the SID.

Any better ideas?

MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus Received on Mon Dec 16 16:09:57 2002

This message: [ Message body ]
Next message: mono toy: "modify non-persistent cookies"
Previous message: Tomas: "Re: XSS Strings"
Next in thread: The Crocodile: "RE: XSS and URL Encoded Session IDs"
Reply: The Crocodile: "RE: XSS and URL Encoded Session IDs"
Reply: Ryan Yagatich: "Re: XSS and URL Encoded Session IDs"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:46 EDT

Do you need help?