university.edu/~attacker/reAuthenticate (or a less obviously malicious link) to sign in
again and to see all his or her e-mail. The attacker could make the reAuthenticate link look
like a typical university sign-in page, asking for the victim's username and password. When
the victim submits the information, the username and password would be sent to the
attacker. This type of attack is sometimes referred to as a session fixation attack, where the
attacker fixates the user to a session of the attacker's choice.
Injecting only cookie fragments may make different systems read cookies differently,
too. Note that cookies and access controls are separated by the same character, a
semicolon (;). If an attacker can add cookies via JavaScript or if cookies are added based
on some user input, then the attacker could add a cookie fragment that may change
security characteristics or values of other cookies.
Parsing Cookies
Test for these types of attacks. Assume that man-in-the-middle attacks will be able to
overwrite even cookies that are set secure and sent over Secure Sockets Layer (SSL).
Thus, check the integrity of cookies by cross-referencing them to some session state.
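
The cross-referencing check described above, sketched as an added example that is not from the original text. The in-memory SESSIONS store, the cookie names (sid, user, role) and all function names are assumptions made for illustration.

```python
import hmac
import secrets

# Hypothetical in-memory session store: session id -> server-side state.
SESSIONS = {}

def safe_cookie_value(value):
    """Refuse user input that could smuggle in a cookie fragment."""
    if any(c in value for c in ';,="\r\n \t'):
        raise ValueError("cookie delimiter in value")
    return value

def start_session(user, role):
    """Record state on the server and return the cookies to set."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": safe_cookie_value(user), "role": role}
    return {"sid": sid, **SESSIONS[sid]}

def parse_cookie_header(header):
    """Split a Cookie header strictly; duplicate names are ambiguous
    (parsers disagree on which copy wins), so reject them."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if not sep or name in cookies:
            raise ValueError("malformed or duplicate cookie")
        cookies[name] = value
    return cookies

def verify_cookies(header):
    """Return session state only if every cookie matches the server copy."""
    try:
        cookies = parse_cookie_header(header)
    except ValueError:
        return None
    state = SESSIONS.get(cookies.get("sid", ""))
    if state is None:
        return None
    for name, expected in state.items():
        sent = cookies.get(name, "")
        if not hmac.compare_digest(sent.encode(), expected.encode()):
            return None
    return state
```

A request whose cookies were overwritten in transit or extended with an injected fragment fails the comparison, so the handler falls back to treating the user as unauthenticated.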