Saturday, May 25, 2013
Breaking News
You are here: Home / Public / XSS Cookie Monster (Stealing Session ID/Cookie)

XSS Cookie Monster (Stealing Session ID/Cookie)

Posted by: FastFlux July 19, 2012 in Public 6 Comments

This is how you can use XSS to steal users cookies/Session ID. I’m using the HTTP POST method versus HTTP GET in this example. : ) Enjoy…

Using one of the reported XSS vulnerabilities in Netsweepers WebAdmin Portal to hijack an authenticated users cookie and then using it to bypass authentication with an already authenticated session.

# Exploit Title: Netsweeper WebAdmin Portal CSRF, Reflective XSS, and “The later”
# Date: Discovered and reported CSRF and XSS reported 4/2012 and “The later” reported 7/2012
# Author: Jacob Holcomb/Gimppy042
# Software Link: Netsweeper Inc. – Netsweeper Internet Filter (www.netsweeper.com)
# CVE : CVE-2012-2446 for the XSS issues, CVE-2012-2447 for the CSRF, and CVE-2012-3859 for the “The later”

Tagged with:

About FastFlux

Owner of ZeroSecurity, intrested in programming, malware analysis and penetration testing. If you are interested in joining the ZeroSecurity team please use the contact forum located above to contact us.
Powered by ZeroSecurity | Designed by Tielabs
© Copyright 2013, All Rights Reserved
Scroll To Top
x
EmailEmail
PrintPrint
WP Socializer Aakash Web