[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability

To: information security <informationhacker08@xxxxxxxxx>
Subject: Re: [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
From: Darren McDonald <athena@xxxxxxxxxxxxx>
Date: Tue, 25 Oct 2011 21:47:05 +0100

On 25 October 2011 19:26, information security
<informationhacker08@xxxxxxxxx> wrote:
>
> #Product  Outlook Web Access 8.2.254.0
>
>
> #Vulnerability
> SideJacking is the process of sniffing web cookies, then replaying them to
> clone another user's web session. Using a cloned web session, the jacker can
> exploit the victim's previously-established site access
>

Wait, your saying if someone gets the session token, they get access
to the session! Oh my god, why didnt I see it before? We're so
screwed, almost every web application I've ever used, written, or
tested is vulnerable to this issue. Quick, close down the internet
before it's too late!

Renski

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
  - From: William Reyor

References:
- [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
  - From: information security

Prev by Date: [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
Next by Date: Re: [Full-disclosure] Symlink vulnerabilities
Previous by thread: [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
Next by thread: Re: [Full-disclosure] Microsoft Outlook Web Access Session sidejacking/Session Replay Vulnerability
Index(es):
- Date
- Thread