Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Xss reflected in cookie
Posted by: acemutha
Date: October 09, 2012 10:29AM

Hi guys, is it possible to exploit a XSS reflected in cookies?
Thanks

Options: ReplyQuote
Re: Xss reflected in cookie
Posted by: Albino
Date: October 11, 2012 12:31PM

Depends. If you get xss in any subdomain you can inject cookies. Also, sometimes you get code that places user input directly into cookies, so you can inject new cookies using ; or , A certain hackxor level relies on this :)

-------------------------------------------------------
Research blog

Options: ReplyQuote
Re: Xss reflected in cookie
Posted by: acemutha
Date: October 12, 2012 05:40AM

Hi Albino,
thank you for your email, but can you be more detailed about what techniques allow you to do what you said apart from intercepting traffic a la MitM?
Thanks

Options: ReplyQuote
Re: Xss reflected in cookie
Posted by: Albino
Date: October 13, 2012 04:28AM

Just find XSS on a subdomain, then inject document.cookie='cookiename=xsspayload; domain=topdomain.com';

https://www.youtube.com/watch?v=hB2lPJldYQI

-------------------------------------------------------
Research blog

Options: ReplyQuote


Sorry, only registered users may post in this forum.