In discussing a cross-site scripting vulnerability with a friend of mine, he raised a point to me that I couldn't answer... I thought maybe someone here could enlighten me...

To sum up the situation, there is a CSS vulnerability in PostNuke (a BBS software package) that allows a person to create a link to a particular file on the hosting server that contains JavaScript... If a user then clicks on the link, the JavaScript would be activated as if it were on the site... In short, it would allow one to make a post with a script in it that would run on a user's computer if they clicked on it...

My initial line of thought when I read this was that it would allow someone to retrieve another user's cookie, thereby allowing them to log on as another user (since PostNuke uses cookies for authentication)... My friend, however, pointed out to me that it wouldn't be possible... There's no way to retrieve the cookie and store it in a static file, is what he told me...

I personally don't know much about JavaScript... So I don't know if he's right... But my question would have to be: is there a function in JavaScript that would allow one to retrieve another user's cookie and store it in a form that would be accessible later? I don't need specifics (I don't want anyone to think I'm trying to break into someone's forum); I just wanted to know if it were possible for the sake of argument...


Caskethopper