[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth)
- From: "Brian Eaton" <eaton.lists@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] Round-up: Ways to bypass HttpOnly (and HTTP Basic auth)
- Date: Wed, 3 May 2006 08:29:30 -0400
On the other hand, several attacks against the above techniques cropped up in the
recent few years, and I'd like to summarize them in this message. All attacks assume
an XSS condition in the application (actually, on the host for which the cookies/basic
auth is used), and using this XSS condition, the data in the HttpOnly cookie/basic
auth is read.
It looks like the attacks fall into three categories:
- attacks requiring XSS + TRACE.
- attacks requiring XSS + request smuggling.
- attacks requiring XSS + a test script that acts similarly to the
TRACE method, returning request values to the browser.
Am I reading that properly?
Regards,
Brian
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/
Brought to you by http://www.webappsec.org
Search this site
|