Hosting Provided By

Re: Custom session tokens and XSS

From: Thomas Chiverton <thomas.chiverton(at)bluefinger.com>
Date: Wed Aug 13 2003 - 08:11:16 EDT

On Wednesday 13 Aug 2003 11:23 am, Stephen de Vries wrote:
> I think I may be misunderstanding this, but if the attacker makes a web

But the attackers session will now be running in the victims browser, where it can steal his cookies, email or whatever.

-- 
Tom Chiverton (sorry 'bout sig.)
Advanced ColdFusion Programmer

Tel: +44(0)1749 834997
email: tom.chiverton@bluefinger.com
BlueFinger Limited
Underwood Business Park
Wookey Hole Road, WELLS. BA5 1AF
Tel: +44 (0)1749 834900
Fax: +44 (0)1749 834901
web: www.bluefinger.com
Company Reg No: 4209395 Registered Office: 2 Temple Back East, Temple
Quay, BRISTOL. BS1 6EG.
*** This E-mail contains confidential information for the addressee
only. If you are not the intended recipient, please notify us
immediately. You should not use, disclose, distribute or copy this
communication if received in error. No binding contract will result from
this e-mail until such time as a written document is signed on behalf of
the company. BlueFinger Limited cannot accept responsibility for the
completeness or accuracy of this message as it has been transmitted over
public networks.***

Received on Wed Aug 13 09:24:05 2003

This message: [ Message body ]
Next message: Ingo Struck: "Re: Custom session tokens and XSS"
Previous message: Stephen de Vries: "Re: Custom session tokens and XSS"
In reply to Stephen de Vries: "RE: Custom session tokens and XSS"
Next in thread: Stephen de Vries: "Re: Custom session tokens and XSS"
Reply: Stephen de Vries: "Re: Custom session tokens and XSS"
Reply: Ingo Struck: "Re: Custom session tokens and XSS"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:54 EDT