Perlfect Solutions
 

[Perlfect-search] stealing cookies with perlfect

Daniel Naber daniel.naber@t-online.de
Tue, 7 Nov 2000 11:04:55 +0100

On 2000-11-07 10:43, you wrote:

> against any perlfect-site and receive the user's cookies in an
> alert-window. easy to exploit e.g. for sites with ecommerce or
> bulletinboards (ubb & mwf, to name a few that use cookies).

Unfortunately you are right :-( Here's a fix (hopefully, please help and
test it).

Regards
 daniel

-- 
Daniel Naber, Paul-Gerhardt-Str. 2, 33332 Gütersloh
Tel. 05241-59371, Mobil 0170-4819674
[Attachment: anti-cross-site.diff]