websecurity@lists.webappsec.org

The Web Security Mailing List

Cookiejacking attack technique

Rosario Valotta
Tue, May 24, 2011 10:13 PM

Hi,
last week, in two security conferences I showed a new attack technique
called Cookiejacking that allows stealing session cookies without any XSS
vulnerability.

https://www.swisscyberstorm.com/speakers/valotta
http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388

All previous approaches on the same topic used at least an XSS or a Man in
the middle attack (e.g. Firesheep) to steal cookies.
In this approach I use a 0-day vulnerability affecting all versions of IE on
every Windows OS and an advanced Clickjacking attack in order to trick users
into dragging & dropping their cookies.

You can steal any cookie (http only, secure cookies, whatever the website)
of every Win user.

On my blog you can find a writeup and a couple of videos.
https://sites.google.com/site/tentacoloviola/cookiejacking

Regards

Rosario Valotta

Ivan Buetler
Fri, May 27, 2011 3:43 PM

For your information. The talk of Rosario at Swiss Cyber Storm 3 in
Switzerland plus his slides are now online

https://www.swisscyberstorm.com/speakers/valotta#video

Ivan

From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Rosario
Valotta
Sent: Mittwoch, 25. Mai 2011 00:14
To: websecurity@lists.webappsec.org
Subject: [WEB SECURITY] Cookiejacking attack technique

Hi,

last week, in two security conferences I showed a new attack technique
called Cookiejacking that allows stealing session cookies without any
XSS vulnerability.

https://www.swisscyberstorm.com/speakers/valotta

http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388

All previous approaches on the same topic used at least an XSS or a Man
in the middle attack (e.g. Firesheep) to steal cookies.

In this approach I use a 0-day vulnerability affecting all versions of IE
on every Windows OS and an advanced Clickjacking attack in order to
trick users into dragging & dropping their cookies.

You can steal any cookie (http only, secure cookies, whatever the
website) of every Win user.

On my blog you can find a writeup and a couple of videos.

https://sites.google.com/site/tentacoloviola/cookiejacking

Regards

Rosario Valotta

Shlomi Narkolayev
Sun, Jun 12, 2011 12:21 PM

Hello,

It's not a CookieJacking, it's more "Files Stealing" using ClickJacking
technique.

I have discovered this file stealing IE vulnerability a few months ago.
Comitari's WPS product protects against this attack.

Using this vulnerability it's possible to steal files from local hard drive
and from network shares using the drag&drop technique.

The vulnerability exists only on IE6-8 on Windows-XP (it was fixed on
Vista).

Kind Regards,
Narkolayev Shlomi.

Visit my blog: http://Narkolayev-Shlomi.blogspot.com

On Fri, May 27, 2011 at 6:43 PM, Ivan Buetler <ivan.buetler@csnc.ch> wrote:

For your information. The talk of Rosario at Swiss Cyber Storm 3 in
Switzerland plus his slides are now online

https://www.swisscyberstorm.com/speakers/valotta#video

Ivan

From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Rosario Valotta
Sent: Mittwoch, 25. Mai 2011 00:14
To: websecurity@lists.webappsec.org
Subject: [WEB SECURITY] Cookiejacking attack technique

Hi,

last week, in two security conferences I showed a new attack technique
called Cookiejacking that allows stealing session cookies without any XSS
vulnerability.

https://www.swisscyberstorm.com/speakers/valotta

http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388

All previous approaches on the same topic used at least an XSS or a Man in
the middle attack (e.g. Firesheep) to steal cookies.

In this approach I use a 0-day vulnerability affecting all versions of IE on
every Windows OS and an advanced Clickjacking attack in order to trick users
into dragging & dropping their cookies.

You can steal any cookie (http only, secure cookies, whatever the website)
of every Win user.

On my blog you can find a writeup and a couple of videos.

https://sites.google.com/site/tentacoloviola/cookiejacking

Regards

Rosario Valotta


The Web Security Mailing List

WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
