Cookie Issue Allows Attackers to target Main Domain From Subdomain - HTML Forums - Free Webmaster Forums and Help Forums

Website Templates

All access to thousands of web templates, logos, icons, more...

Turnkey Websites

Instant websites, turnkey PHP templates!

StockePhotos.com

Stock Photography

All access to thousands of professional stock photos

100's of templates for joomla, drupal, wordpress, and more!

	HTML Forums - Free Webmaster Forums and Help Forums > TOOLS OF THE TRADE > Security Alert
Cookie Issue Allows Attackers to target Main Domain From Subdomain

Reply

View First Unread

Old

11-06-2009, 07:43 PM

#1

scoutt

Mister Admin to you

Join Date: Jul 2001

Posts: 30,730

iTrader: (0)

scoutt is a jewel in the rough

scoutt is a jewel in the rough

scoutt is a jewel in the rough

Cookie Issue Allows Attackers to target Main Domain From Subdomain

(November 4 & 5, 2009)
A problem with the way browsers handle cookies could be exploited to
attack a website's main domain through its subdomains. A researcher
has published a paper in which he offers proof-of-concept examples of
the attack for the Google, Expedia and Chase Manhattan Bank websites.
The problem lies in a browser protocol, RFC 2965, which says "that
browsers must allow subdomains to set and read cookies for their
parent."
http://www.darkreading.com/security/...es+and+threats
http://www.securecomputing.net.au/Ne...ack-space.aspx
http://www.theregister.co.uk/2009/11...okie_stealing/

__________________
Have a Script or Snippet you want to share?

WWW Standards: HTML 4.01, CSS2.1, CSS3, XHTML 1.0
PHP Standards: PHP Standards

Add to del.icio.us

Add to del.icio.us

Can you digg it?

Can you digg it?

Reply With Quote

Reply

« Previous Thread | Next Thread »

KEEP TABS

SPONSORS

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

POSTING RULES

You may not post new threads

You may not post replies

You may not post attachments

You may not edit your posts

Smilies are On

[IMG] code is Off

HTML code is Off

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Forum Jump

All times are GMT -5. The time now is 10:08 AM.


		Contact Us - Big Resources, Inc. - Archive - Top

Network Sites: Web Tools and Resources | Web Templates | Free Webmaster Resources | Free JavaScripts | Free Clip Art | Clipart Resources |
Turnkey Website Templates | Free Fonts | HTML Help | Stock Photos | Quality Hosting | Learn Perl and CGI | Top Web Hosts | CMS Templates

Partner Sites: Free Web Templates | Webmaster Resources | Javascripts | Stock Photos | DHTML Scripts | Create a free forum | Web Hosting Reviews |Web Hosting
| Unlimited Domain Hosting

Mascot team created by Drawshop.com

Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.

Server Monitoring by ENIACmonitor 0.01
HTMLforums.com © Big Resources, Inc. Web Design by BoxedArt.com

vRewrite 1.5 beta SEOed URLs completed by Tech Help Forum and Chalo Na.