blackriver Posted January 14, 2009 Share Posted January 14, 2009 I'm wondering, since the Gmail cookie stealin' news, and the attention it brought to how and why cookies could be vulnerable, is it still worth stealing cookies? Doesn't every big site has measures taken against cookie stealing, or more specific, cookie re-using from a different PC/OS/browser/MAC/IP? Would you still really be able to simply log in as a certain user by using a captured cookie? Quote Link to comment Share on other sites More sharing options...
lopez1364 Posted January 14, 2009 Share Posted January 14, 2009 Sure why not. Ferret and Hamster. Cookies store so much data on them. If you are in a shared environment (library) and you purchase something online, that same cookie can later be used to purchase from your account. Quote Link to comment Share on other sites More sharing options...
psychoaliendog Posted January 18, 2009 Share Posted January 18, 2009 The way most websites are written is that only a unique ID is stored in the cookie, and all data regarding the session is stored on the server. Depending how that ID is generated it could lead to session hijacking. PHP's default session ID are usually prone to hijacking because it doesn't automatically check the ID for validity. So, it really depends on how the site was written. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.