[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <88013722-0CE9-4936-A24B-BCE2B34803C7@gmail.com>
Date: Tue, 25 Oct 2011 18:36:42 -0400
From: William Reyor <opticfiber@...il.com>
To: Darren McDonald <athena@...donald.net>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
information security <informationhacker08@...il.com>
Subject: Re: Microsoft Outlook Web Access Session
sidejacking/Session Replay Vulnerability
Still possible when ssl connections are enforced?
On Oct 25, 2011, at 4:47 PM, Darren McDonald <athena@...donald.net> wrote:
> On 25 October 2011 19:26, information security
> <informationhacker08@...il.com> wrote:
>>
>> #Product Outlook Web Access 8.2.254.0
>>
>>
>> #Vulnerability
>> SideJacking is the process of sniffing web cookies, then replaying them to
>> clone another user's web session. Using a cloned web session, the jacker can
>> exploit the victim's previously-established site access
>>
>
> Wait, your saying if someone gets the session token, they get access
> to the session! Oh my god, why didnt I see it before? We're so
> screwed, almost every web application I've ever used, written, or
> tested is vulnerable to this issue. Quick, close down the internet
> before it's too late!
>
> Renski
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists