On Thu, Nov 4, 2010 at 2:24 PM, Nathan <[email protected]> wrote:

> The other wrinkle is that even if the developer moves the session to SSL,
> they might forget to mark the cookie secure.  So when the user goes to their
> old http:// bookmark they might still leak out their session cookie and
> be vulnerable to session-jacking.
>
> -nage
>
>
True story. Another way to exploit cookies not limited to SSL only is to
observe DNS queries from clients, and then when they download any webpage
over HTTP, just inject into that stream the HTML markup to load a bogus URL
on a domain you want to hijack. The browser will make a request to your
bogus asset at that domain without SSL and reveal the session cookie.

—Devlin

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
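The leak Nathan and Devlin describe, as an added example that is not part of the thread: a stdlib-only Python model of the browser-side rule that makes it work. A cookie set over HTTPS without the Secure attribute is attached to every plain-HTTP request to the matching host, so an `<img src="http://...">` injected into any cleartext page the victim loads is enough to pull the session id across the wire; the same cookie marked Secure is withheld. The host names bank.example and news.example, the cookie values and the injected markup are constructed for the demonstration; the store models host matching and the Secure flag only (Path, expiry and SameSite are ignored).

```python
"""Model of the cookie leak described in the thread: a session cookie that was set
over HTTPS without the Secure attribute is attached to any plain-HTTP request to the
same host, including one forced by HTML an on-path attacker injects into an
unrelated cleartext page.  Stdlib only; all hosts and values below are made up."""
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


class CookieStore:
    """Tiny model of a browser cookie store: host matching and the Secure flag only
    (Path, expiry and SameSite are deliberately ignored to keep the model short)."""

    def __init__(self):
        self._cookies = []

    def store(self, set_cookie_header, origin_url):
        """Remember the cookies from a Set-Cookie header received from origin_url."""
        origin_host = urlsplit(origin_url).hostname
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)  # parses Secure/HttpOnly as flag attributes
        for name, morsel in parsed.items():
            domain_attr = morsel["domain"].lstrip(".")
            self._cookies.append({
                "name": name,
                "value": morsel.value,
                "domain": domain_attr or origin_host,
                "host_only": not domain_attr,      # no Domain attr: exact host only
                "secure": bool(morsel["secure"]),  # "" when absent, True when present
            })

    def cookies_for(self, url):
        """Cookies a browser would put on the Cookie header of a request to url."""
        parts = urlsplit(url)
        host, over_tls = parts.hostname, parts.scheme == "https"
        sent = {}
        for c in self._cookies:
            if c["host_only"]:
                match = host == c["domain"]
            else:
                match = host == c["domain"] or host.endswith("." + c["domain"])
            if not match:
                continue
            if c["secure"] and not over_tls:
                continue  # Secure: never sent in cleartext, so the injection gets nothing
            sent[c["name"]] = c["value"]
        return sent


class SubresourceFinder(HTMLParser):
    """Collect the src= URLs a browser fetches automatically while rendering."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag in ("img", "script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.urls.append(src)


def subresource_urls(html):
    finder = SubresourceFinder()
    finder.feed(html)
    return finder.urls


def cleartext_leaks(set_cookie_header, injected_page_html,
                    login_url="https://bank.example/login"):
    """Map each plain-HTTP subresource request in the page to the cookies it carries.

    set_cookie_header: the Set-Cookie the victim received when logging in over HTTPS.
    injected_page_html: an unrelated HTTP page after an on-path attacker added markup.
    """
    store = CookieStore()
    store.store(set_cookie_header, login_url)
    leaks = {}
    for url in subresource_urls(injected_page_html):
        if urlsplit(url).scheme != "http":
            continue  # HTTPS subresources are not the problem here
        cookies = store.cookies_for(url)
        if cookies:
            leaks[url] = cookies
    return leaks


# Constructed sample: the victim's cleartext news page after the attacker's
# injected 1x1 image pointing at the hijack target (hypothetical hosts).
INJECTED_PAGE = """<html><body><h1>Local news</h1>
<img src="http://bank.example/favicon.ico" width="1" height="1">
<img src="http://news.example/logo.png">
</body></html>"""

if __name__ == "__main__":
    # Without Secure the session id rides along on the injected request.
    print(cleartext_leaks("session=deadbeef; Path=/; HttpOnly", INJECTED_PAGE))
    # With Secure the same injection yields nothing.
    print(cleartext_leaks("session=deadbeef; Path=/; HttpOnly; Secure", INJECTED_PAGE))
```

The first call reports the session cookie on the request to bank.example; the second, with Secure added, reports no leak at all. The attacker still has to be on path to observe the DNS lookups and inject into the HTTP response, as the post says, but nothing the server does after login can stop the browser from honouring its own cookie rules, so the Secure attribute (and, today, HSTS so the browser never issues the http:// request in the first place) is where the fix has to live.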
