Very nice info indeed, Thanx !

–

As requested i do have some questions/thoughts etc, which i’d like answers to.

Malicious Cookie Exploits !

I’ve been to establish for some time, with not much help or success, if it’s at all possible for Cookies to manipulated maliciously. In other words ” could ” code, of Any decription, be inserted/injected etc by Any means into a Cookie ? Furthermore, could this then be launched/run etc, either directly and/or indirectly in some way/s ?

I’m not automatically excluding Anything in this scenario, it might be JavaScript or a mixture of different code, and/or whatever it takes to make it work !

Here’s a brief selection i’ve found on the subject –

inserting malicious content into a cookie – http://www.cert.org/tech_tips/malicious_code_mitigation.html

the cookie may be modified by the attacker to include
malicious code. – http://www.ciac.org/ciac/bulletins/k-021.shtml

it is easy for a client to alter their cookie to allow inclusion of malicious content or send bogus information in their HTTP requests – http://www.peej.co.uk/articles/cross-site-scripting.html

What Are The Chances of Catching a Virus From a Cookie? – http://www.cookiecentral.com/c_virus.htm

There was another i discovered the other day on i believe Secunia, which was a Vulnerability in either Windows and/or IE, that showed this was not only possible, but Actually has happened ! I thought i’d be able to locate it easily again, but couldn’t when i tried today ? I’ll try and find it again if i can.

Thanx in advance for Any light/info/links etc you can shed on this.

Regards,

Spanner

SpannerITWks