Results 1 to 3 of 3

Thread: Cookie stealing.

  1. #1
    Senior Member
    Join Date
    Nov 2001

    Cookie stealing.

    Source: Oxygen newsletter by Pandasoftware

    SecuriTeam has reported that, because of a vulnerabilities in Mozilla and Netscape browsers, it's possible for an attacker to access cookies on users' computers.

    This problem, which affects versions of Mozilla earlier than 0.9.7 and Netscape versions prior to 6.2.1, could allow an attacker to steal a user's cookies for a given domain if the attacker can convince the user's browser to load a given URL. It does not require active scripting to be enabled in the browser, and can be done with something as simple as an image tag pointing to a specially crafted URL. This tag could be included in a web page or e-mail.

    Cookies, which are often used as a means of identifying and authenticating users within a website, contain information including user names and passwords. If cookies are stolen, an attacker can gain the confidential information stored in them and impersonate the victim in the corresponding websites.

  2. #2
    Senior Member
    Join Date
    Nov 2001

    Got Milk?

    Is there a tool actually available that demonstrates this or is this a theory?

    Just asking.
    Noah built the ark BEFORE it rained.

  3. #3
    Computer Forensics
    Join Date
    Jul 2001
    I would imagine it works almost exactly the same as the IE exploits....there was a link that demonstrated the vuln for IE in the bugtraq mailing list. I will post it tomorrow......
    Antionline in a nutshell
    \"You\'re putting the fate of the world in the hands of a bunch of idiots I wouldn\'t trust with a potato gun\"

    Trust your Technolust

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts