[WEB SECURITY] Cookiejacking attack technique

Shlomi Narkolayev shlominar at gmail.com
Sun Jun 12 08:21:22 EDT 2011


Hello,

It's not a CookieJacking, it's more "Files Stealing" using ClickJacking
technique.

I have discovered this file stealing IE vulnerability few months ago.
Comitari's WPS product protects against this attack.

Using this vulnerability it's possible to steal files from local hard drive
and from network shares using the drag&drop technique.

The vulnerability exists only on IE6-8 on Windows-XP (it was fixed on
Vista).

Kind Regards,
Narkolayev Shlomi.

Visit my blog: http://Narkolayev-Shlomi.blogspot.com


On Fri, May 27, 2011 at 6:43 PM, Ivan Buetler <ivan.buetler at csnc.ch> wrote:

> For your information. The talk of Rosario at Swiss Cyber Storm 3 in
> Switzerland plus his slides are now online
>
> https://www.swisscyberstorm.com/speakers/valotta#video
>
>
>
> Ivan
>
>
>
> *From:* websecurity-bounces at lists.webappsec.org [mailto:
> websecurity-bounces at lists.webappsec.org] *On Behalf Of *Rosario Valotta
> *Sent:* Mittwoch, 25. Mai 2011 00:14
> *To:* websecurity at lists.webappsec.org
> *Subject:* [WEB SECURITY] Cookiejacking attack technique
>
>
>
> Hi,
>
> last week, in two security conferences I showed a new attack technique
> called Cookiejacking that allows to steal session cookies without any XSS
> vulnerability.
>
>
>
> https://www.swisscyberstorm.com/speakers/valotta
>
> http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388
>
>
>
> All previous approaches on the same topic used at least an XSS or a Man in
> the middle attack (eg Firesheep) to steal cookies.
>
> In this approach I use a 0-day vulnerabilty affecting all versions of IE on
> every Windows OS and an advanced Clickjacking attack in order to trick users
> in dragging & dropping their cookies.
>
>
>
> You can steal any cookie (http only, secure cookies, whatever the website)
> of every Win user.
>
>
>
> On my blog you can find a writeup and a couple of videos.
>
> https://sites.google.com/site/tentacoloviola/cookiejacking
>
>
>
> Regards
>
>
>
> Rosario Valotta
>
>
>
>
>
> _______________________________________________
> The Web Security Mailing List
>
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
>
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>
> WASC on Twitter
> http://twitter.com/wascupdates
>
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110612/d348d863/attachment-0003.html>


More information about the websecurity mailing list