Author Topic: Stealing Cookie With XSS  (Read 13839 times)

z3ro
Re: Stealing Cookie With XSS
« Reply #15 on: July 27, 2012, 10:58:00 am »
Suppose Mr. A has stolen the cookies of Mr. X... so what??
What the hell can he do with it? :P

~ God is real. Unless declared as an integer.

Kulverstukas
Re: Stealing Cookie With XSS
« Reply #16 on: July 27, 2012, 01:29:05 pm »
Depends on the cookie type. If the cookie is tangible - you can eat it.
If the cookie is virtual, you can browse the website with some guy's session (logged in as that user) without the victim knowing, until the session ends of course.
Kinda hard to answer if you don't know the concepts of networking.

z3ro
Re: Stealing Cookie With XSS
« Reply #17 on: July 27, 2012, 01:39:47 pm »
> Depends on the cookie type. If the cookie is tangible - you can eat it.
> If the cookie is virtual, you can browse the website with some guy's session (logged in as that user) without the victim knowing, until the session ends of course.
> Kinda hard to answer if you don't know the concepts of networking.

Most websites (Facebook, Twitter, Ymail, Gmail, etc.) use HttpOnly cookies... which are virtually not 'stealable' using JS.
~ God is real. Unless declared as an integer.