cocoon-dev mailing list archives

From Leszek Gawron <lgaw...@mobilebox.pl>
Subject Re: Possible security problem with flowscript
Date Fri, 15 Oct 2004 12:22:23 GMT
Sylvain Wallez wrote:

> This has already been identified by Leszek Gawron. Although this is an
> issue, it can only be exploited by hijacking a continuation ID which, if
> done, also means the ability to hijack the session ID and therefore the
> associated authorizations.
Not only...

1. You log in.
2. Do stuff.
3. Log out.
4. Even restart your computer.
5. Go to the Firefox cache - the page is there (still do not know why, if I set
caching headers properly).
6. http://thehost.com/myapp/showReport.do. The page loads from cache. The page
content has a hidden input with a valid continuation.
7. Submit the form.
8. The report is yours!

> The solution for this is the continuation-per-session manager, where a 
> continuation ID only exists within a given session.
Would you be so kind as to review my solution for this? It is not quite finished
(instrumentation and debug info are not implemented) but I am very eager to
polish it if it could be useful to anyone but me.

-- 
Leszek Gawron                                      lgawron@mobilebox.pl
Project Manager                                    MobileBox sp. z o.o.
+48 (61) 855 06 67                              http://www.mobilebox.pl
mobile: +48 (501) 720 812                       fax: +48 (61) 853 29 65
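
The continuation-per-session idea quoted above, as an added sketch that is not Cocoon's code or the patch offered in this message. The class names, method names and session object are hypothetical, and the scenario is constructed from the steps listed in the message.

```javascript
// Added illustration; every name here is hypothetical, not Cocoon's API.
const crypto = require('node:crypto');

const newId = () => crypto.randomBytes(16).toString('hex');

// Weak design: one application-wide table, so a continuation ID alone is enough.
class GlobalContinuations {
  constructor() { this.table = new Map(); }
  create(session, resume) {
    const id = newId();
    this.table.set(id, resume);
    return id;
  }
  lookup(session, id) { return this.table.get(id) || null; }
  sessionEnded(session) { /* nothing is tied to the session, nothing to clean up */ }
}

// Session-scoped design: the table lives in the session and dies with it.
class SessionContinuations {
  create(session, resume) {
    const id = newId();
    session.continuations.set(id, resume);
    return id;
  }
  lookup(session, id) {
    if (!session || !session.valid) return null;
    return session.continuations.get(id) || null;
  }
  sessionEnded(session) {
    session.valid = false;
    session.continuations.clear();
  }
}

// Constructed scenario following the steps in the message above.
function replayAfterLogout(manager) {
  const session = { user: 'alice', valid: true, continuations: new Map() };
  const cachedId = manager.create(session, () => 'report for alice'); // hidden input in the cached page
  manager.sessionEnded(session);                                      // logout
  const anonymous = { user: null, valid: true, continuations: new Map() };
  const k = manager.lookup(anonymous, cachedId);                      // form submitted from cache
  return k ? k() : 'rejected';
}

console.log('global table:  ', replayAfterLogout(new GlobalContinuations()));
console.log('session-scoped:', replayAfterLogout(new SessionContinuations()));
```

With the session-scoped table the cached ID resolves to nothing once the session is gone, regardless of what caching headers the browser honoured.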
