Using Cookies For Selective DoS and State Detection
August 22nd, 2010
No comments
Using Cookies For Selective DoS and State Detection: “
28 posts left….
This is a continuation of he first post where we described how you can use cookies to DoS certain portions of the website. After our speech one of the Mozilla guys came up to us and described another attack that arises from this. Let’s say when a user logs in it sets a cookie that is 200 bytes long, and when they log out it re-sets the same cookie to 50 bytes. Well if the attacker can set a cookie with a particular path to a single image on the site, for instance, they can use JavaScript to check with an onerror event handler to see if the image has loaded.
Categories: Website Security Attacker, Continuation, Cookies, DOS, Logs, Onerror Event, Security Lab, Variable Width, Web Application Security