
[ISN] Cross-subdomain Session Fixation

From: InfoSec News <alerts_at_nospam>
Date: Fri Sep 03 2010 - 06:28:55 GMT
To: isn@infosecnews.org

http://blog.skeptikal.org/2010/09/cross-subdomain-session-fixation.html

By Mike Bailey
skeptikal.org
September 2, 2010

Last fall I wrote a bit about cross-subdomain cookie attacks. As often
as I come across more uses for them, I think that they are a much more
serious issue than most people (myself included) have made them sound.
Today, I came across a variant which I'd theorized about in the past,
but never bothered to find in the wild, and I think it merits some
attention.

You may be familiar with Hack Is Wack, a stupid marketing campaign from
Norton/Symantec. The premise is simple: users submit videos, which are
voted on, and the winner gets to roll with Snoop Dogg...'s manager. You
may not know it, but most of Snoop's music is information
security-related. "What's My Name" is about AuthN, "Drop it like it's
Hot" is about SQL injection, not to mention constant references to cron,
gzip, and other unix commands in his lyrics. It's really a pretty
natural match.

At any rate, the Hack Is Wack site is chock full of holes. For example,
there's the publicly available, indexed cache directory with all that
SQL, JSON and other data. There's the XSS vulns (HTML5 only, though it
should be simple enough to rewrite), CSRF holes, and the Flash upload
issues in the video upload script (a Joomla module that appears to have
been used without any quality control or review despite the fact that
it's currently in Alpha).

[...]
