Many commercial websites may be attacked to overwrite or delete stored preferences, session identifiers, authentication data, cart contents – with results ranging from minor annoyances to a possibility of fraudulent activity, depending on site design (bugs #1 and #2).

On sites where authentication data is tied on the server to a session ID, the attacker may be able to acquire the visitor's credentials by tricking the visitor into authenticating within a session the attacker initiated (bugs #1 and #2).

Some websites may be susceptible to malicious-activity-by-proxy attacks (bug #3).

There is no immediate universal threat to life as we know it, but numerous web scripts are an easy target of specific variants of the attacks described below.
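The third paragraph describes a session-fixation outcome: a session the attacker started becomes the victim's authenticated session. The following is an added example, not code from the paper or the post, showing the two server-side properties that defeat it: only server-issued IDs are honoured, and the ID is rotated at login so the pre-login ID never names the authenticated session. `SessionStore` and the scenario in `demo()` are constructed for illustration.

```python
import secrets
from typing import Dict, Optional


class SessionStore:
    """Server-side session store (hypothetical) resistant to fixation."""

    def __init__(self) -> None:
        self._sessions: Dict[str, dict] = {}

    def new_session(self) -> str:
        # Unpredictable, server-generated identifier.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def resolve(self, presented_sid: Optional[str]) -> str:
        """Return a usable session ID for this request. An ID that this
        server never issued is ignored and a fresh one is created."""
        if presented_sid in self._sessions:
            return presented_sid
        return self.new_session()

    def authenticate(self, presented_sid: Optional[str], user: str) -> str:
        """Bind `user` to a NEW session ID; whatever ID the visitor carried
        before logging in is invalidated, so a planted ID stops working."""
        old = self.resolve(presented_sid)
        self._sessions.pop(old, None)
        fresh = self.new_session()
        self._sessions[fresh]["user"] = user
        return fresh

    def user_for(self, sid: Optional[str]) -> Optional[str]:
        return self._sessions.get(sid, {}).get("user")


def demo() -> dict:
    store = SessionStore()
    # Constructed scenario: a third party obtains a genuinely issued ID and
    # gets it into the visitor's cookie jar before the visitor logs in.
    planted = store.new_session()
    fresh = store.authenticate(planted, "alice")
    unissued = "not-issued-by-server"  # constructed, never issued here
    return {
        "planted_rotated": fresh != planted,          # True
        "planted_user": store.user_for(planted),      # None: old ID dead
        "fresh_user": store.user_for(fresh),          # "alice"
        "unissued_honoured": store.resolve(unissued) == unissued,  # False
    }
```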

Read the full paper by Michal Zalewski on Astalavista.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.
