XSS with encrypted cookie?

From: pire pire (pirepire69@romandie.com)
Date: Wed Dec 10 2003 - 02:44:07 EST

• Next message: Alfred Huger: "Re: Education End Users about Passwords - Was - RE: john the ripper - DEAD THREAD"
• Previous message: Martin Maèok: "Re: john the ripper"
• Next in thread: dd: "Re: XSS with encrypted cookie?"
• Reply: dd: "Re: XSS with encrypted cookie?"
• Reply: Rajesh Jose: "RE: XSS with encrypted cookie?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I'm wondering if it's possible via a XSS attack to steal an
encrypted cookie (actually it's a session token)? (with some
javascript like: document.cookie etc...)

If yes, is it also possible to replay this cookie? (of course the
session must still be valid on the server)

I know it works with regular cookie.

Thanks a lot for your help

_______________________________________________

La messagerie gratuite des romands : 10 MO !!!
Profitez-en ! >>> http://www.romandie.com

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Alfred Huger: "Re: Education End Users about Passwords - Was - RE: john the ripper - DEAD THREAD"
• Previous message: Martin Maèok: "Re: john the ripper"
• Next in thread: dd: "Re: XSS with encrypted cookie?"
• Reply: dd: "Re: XSS with encrypted cookie?"
• Reply: Rajesh Jose: "RE: XSS with encrypted cookie?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:44 EDT