PHPBuilder.com, the best resource for PHP tutorials, templates, PHP manuals, content management systems, scripts, classes and more.

Linux Today
Enterprise Linux Today
Apache Today
JustLinux.com
Linux Planet
PHPBuilder
All Linux Devices
Hiermenus
DatabaseJournal
Technology Jobs

IT
Developer
Internet News
Small Business
Personal Technology

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Covalent Extends Apache 2.0 to Microsoft ASP.NET
ShopWorX - Support for Windows
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
Network Risk Assessment
Full-Featured, Java-Based Apache GUI

Partners & Affiliates

Storing Checkbox Data in a Database
Object-Oriented Features New To PHP5
In Case You Missed It...The Week of May 23, 2005
OO Programming in PHP
In Case You Missed It...The Week of November 28th, 2005

Sr. Web Developer
mediabistro.com
US-NY-New York

Post A Job | Post A Resume

Comments for: chriskings20001128

Message # 1004090:

Date: 02/24/01 16:37
By: Hugh
Subject: (yet(yet)) another possible

There's quite an interesting possible way of hacking cookies back and forth - by using javascript source includes plus scripting -

eg..
user at domain1.com has cookie for that domain.

visits page on domain2.com which has -
<script language=javascript src=http://domain1.com/spit_js.php></script>
the request for spit_js.php will have the domain1.com cookie attached.
spit_js.php can then (by sending Content-type: application/x-javascript\n\n) spit the javascript code: document.cookie = ...
As the javascript 'appears' in a page on domain2.com it's allowed to set cookies for that domain...

just a 2p thought. As someone else points out, it'll probably be disabled in newer versions of browsers with paranoia > 1.0

H

Previous Message | Next Message

Comments:
Cross Domain	Lavanya	05/23/08 03:23
RE: (yet(yet)) another possible	Guus derks	12/13/07 04:48
RE: Cross Domain	samantha	02/19/05 07:03
RE: EASIER Cross Domain	Michael	10/28/03 19:56
Setting cookies on a Linux Webserver	Siva	10/17/02 02:07
RE: expiring cookies.	Keri Henare	07/25/02 04:01
RE: (yet(yet)) another possible	Danny Tuppeny	09/12/01 09:28
RE: Great, why use rewrite at all?	Danny Tuppeny	09/12/01 09:24
RE: Why not use redirection?	Danny Tuppeny	09/12/01 09:22
expiring cookies.	nagaraj	09/12/01 05:50
RE: Privacy Concerns of John Q. Public	Jesse	08/03/01 14:49
(yet(yet)) another possible	Hugh	02/24/01 16:37
RE: Not a session	Phil Greenway	02/15/01 16:33
RE: Another method	David Davis	02/02/01 14:16
Yet another way	sander	12/16/00 15:15
RE: I think I would have...	Chris Kings-Lynne	12/04/00 21:08
RE: Another method	Matthew Kendall	12/04/00 02:26
Another method	Andrew Dickinson	12/03/00 15:09
Privacy Concerns of John Q. Public	Jim Hawley	12/02/00 11:07
Great, why use rewrite at all?	Brian Tanner	12/01/00 20:51
Why not use redirection?	Johannes Erdfelt	12/01/00 14:17
RE: Cookies	Hreinn Beck	12/01/00 04:51
I think I would have...	Paul K Egell-Johnsen	11/30/00 13:13
RE: Cross Domain	marcoBR	11/29/00 20:14
RE: Cross Domain	Robert	11/29/00 19:25
deleting cookies	Donncha O Caoimh	11/29/00 08:03
Cross Domain	Micheal O Shea	11/29/00 07:23
If you are looking for help, please post on the appropriate forum here. Your questions will be answered much more quickly. Add A Comment: Name: Email: Subject: Message: To reduce spam posts, messages are now manually approved You are not [logged in]. That means your account will not get credit for this post.

Comments for: chriskings20001128

Add A Comment: