What attack is being depicted here?

seenagapeJanuary 19, 2012

Ivan is auditing a corporate website. Using Winhex, he alters a cookie as shown below.

Before Alteration: Cookie: lang=en-us; ADMIN=no; y=1 ; time=10:30GMT ;

After Alteration: Cookie: lang=en-us; ADMIN=yes; y=1 ; time=12:30GMT ;

What attack is being depicted here?

A.
Cookie Stealing

B.
Session Hijacking

C.
Cross Site Scripting

D.
Parameter Manipulation

Explanation:
Cookies are the preferred method to maintain state in the stateless HTTP protocol. They are however also used as a convenient mechanism to store user preferences and other data including session tokens. Both persistent and non-persistent cookies, secure or insecure can be modified by the client and sent to the server with URL requests. Therefore any malicious user can modify cookie content to his advantage. There is a popular misconception that non-persistent cookies cannot be modified but this is not true; tools like Winhex are freely available. SSL also only protects the cookie in transit.

One Comment on “What attack is being depicted here?”

Dennis Simerson says:

July 28, 2016 at 5:42 pm

peggy corlin journaliste

http://www.zkRCZC3urT.com/zkRCZC3urT

Log in to Reply

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ECCouncil Exam Questions

Free EC-Council Study Guide

What attack is being depicted here?

One Comment on “What attack is being depicted here?”

Leave a Reply Cancel reply