Hi,
last week, in two security conferences I showed a new attack technique
called Cookiejacking that allows one to steal session cookies without any XSS
vulnerability.
https://www.swisscyberstorm.com/speakers/valotta
http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388
All previous approaches on the same topic used at least an XSS or a
man-in-the-middle attack (e.g. Firesheep) to steal cookies.
In this approach I use a 0-day vulnerability affecting all versions of IE on
every Windows OS and an advanced Clickjacking attack in order to trick users
into dragging & dropping their cookies.
You can steal any cookie (HttpOnly, Secure cookies, whatever the website)
of every Windows user.
On my blog you can find a writeup and a couple of videos.
https://sites.google.com/site/tentacoloviola/cookiejacking
Regards
Rosario Valotta
For your information. The talk of Rosario at Swiss Cyber Storm 3 in
Switzerland plus his slides are now online
https://www.swisscyberstorm.com/speakers/valotta#video
Ivan
From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Rosario
Valotta
Sent: Wednesday, 25 May 2011 00:14
To: websecurity@lists.webappsec.org
Subject: [WEB SECURITY] Cookiejacking attack technique
Hello,
It's not CookieJacking; it's more "file stealing" using the ClickJacking
technique.
I discovered this file-stealing IE vulnerability a few months ago.
Comitari's WPS product protects against this attack.
Using this vulnerability it's possible to steal files from the local hard drive
and from network shares using the drag & drop technique.
The vulnerability exists only in IE6-8 on Windows XP (it was fixed on
Vista).
Kind Regards,
Narkolayev Shlomi.
Visit my blog: http://Narkolayev-Shlomi.blogspot.com
On Fri, May 27, 2011 at 6:43 PM, Ivan Buetler ivan.buetler@csnc.ch wrote:
For your information. The talk of Rosario at Swiss Cyber Storm 3 in
Switzerland plus his slides are now online
https://www.swisscyberstorm.com/speakers/valotta#video
Ivan