28 Hacking Exposed Web 2.0
Each system uses different code to parse cookies. Undoubtedly, these systems will parse (and read) cookies differently. Attackers may be able to add or replace a cookie in a victim's cookies that will appear different to systems that expect the cookie to look the same. For instance, an attacker may be able to add or overwrite a cookie that uses the same name as a cookie that already exists in the victim's cookies. Consider a university setting, where an attacker has a public web page at http://public-pages.university.edu/~attacker and the university hosts a webmail service at https://webmail.university.edu/. The attacker can set a cookie in the .university.edu domain that will be sent to https://webmail.university.edu/. Suppose that cookie is named the same as the webmail authentication cookie. The webmail system will now read the attacker's cookie.
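The parser difference the passage describes can be seen with a constructed Cookie header that carries the same name twice, as a browser would send it when one copy was set for .university.edu and another for webmail.university.edu. This added example (not from the book) contrasts a first-wins parser with Python's last-wins `http.cookies.SimpleCookie`, and shows the defensive check a webmail server can apply: treat a duplicated session-cookie name as unauthenticated rather than guessing. The cookie name `webmail_session` and the values are assumptions.

```python
import http.cookies

# Constructed sample request header: "webmail_session" appears twice. The header
# itself carries no domain or path, so the server cannot tell which copy is which.
SAMPLE_COOKIE_HEADER = "webmail_session=aaaa1111; lang=en; webmail_session=bbbb2222"


def parse_first_wins(header):
    """Naive parser: the first occurrence of a name wins (some frameworks do this)."""
    out = {}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        if name and name not in out:
            out[name] = value
    return out


def parse_last_wins(header):
    """Python's stdlib SimpleCookie: a later occurrence overwrites an earlier one."""
    jar = http.cookies.SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def duplicate_cookie_names(header):
    """Defensive check: return the cookie names that appear more than once."""
    counts = {}
    for part in header.split(";"):
        name, _, _ = part.strip().partition("=")
        if name:
            counts[name] = counts.get(name, 0) + 1
    return sorted(name for name, count in counts.items() if count > 1)


def resolve_session(header, session_cookie="webmail_session"):
    """Refuse to pick either value when the session cookie name is ambiguous.

    Returning None tells the caller to treat the request as unauthenticated
    and re-issue the session cookie, instead of silently logging the user in
    under whichever copy the parser happened to keep.
    """
    if session_cookie in duplicate_cookie_names(header):
        return None
    return parse_last_wins(header).get(session_cookie)
```

Two parsers given the same header disagree on who is logged in, which is exactly the inconsistency an overlapping-domain cookie exploits; the duplicate check removes the ambiguity at the point where the session is resolved.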
The webmail system may assume the user is someone different and log him or her in to a different webmail account. The attacker could then set up the different webmail account (possibly his own account) to contain a single e-mail stating that the user's e-mails were removed due to a "security breach" and that the user must go to http://public-pages.