[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200705091615.l49GFNRX008846@faron.mitre.org>
Date: Wed, 9 May 2007 12:15:23 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: john@...tinelli.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Podium CMS - Cookie Manipulation Exploit
Hello,
Pardon me for being dense, but what exactly does "cookie manipulation"
mean in this context? What is the vulnerability?
Looking at the following exploit code:
<input name="id" size=75
value="<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>">
The (apparent) injection of a META tag suggests that the real issue is
XSS. Do you mean that there's an XSS attack which could be used to
modify cookies? Or are you talking about CSRF?
Where do 'cookiename' and 'cookievalue' come from?
Finally, while "Podium" does seem to be in heavy use, what is the
actual product and vendor that's affected?
Thanks,
Steve
Powered by blists - more mailing lists