Entry | Cross-site cooking |
Definition |
Cross-site cooking is a type of browser exploit which allows a site

Cross-site cooking can be used to perform session fixation attacks, as a malicious site can fixate the session identifier cookie of another site. Other attack scenarios may also be possible, for example: Cross site.

Cross-site cooking is similar in concept to cross-site scripting, cross-site request forgery, cross-site tracing, cross-zone scripting etc., in that it involves the ability to move data or code between different web sites (or in some cases, between e-mail / instant messages and sites). These problems are linked to the fact that a web browser is a shared platform for different information / applications / sites. Only the logical security boundaries maintained by browsers ensure that one site cannot corrupt or steal data from another. However, a browser exploit such as cross-site cooking can be used to move things across those logical security boundaries.

Origins

The name and concept of cross-site cooking were presented by Michał Zalewski in 2006.[1] The name is a mix of "cookie" and "cross-site", attempting to describe the nature of cookies being set across sites.

In his 2006 article, Michał Zalewski credited the discovery to Benjamin Franz (https://archive.is/19990129060744/http://www.nihongo.org/snowhare/), who in May 1998 reported a cookie domain related vulnerability to vendors. Benjamin Franz published the vulnerability and discussed it mainly as a way to circumvent "privacy protection" mechanisms in popular browsers. Michał Zalewski concluded that the bug, 8 years later, was still present (unresolved) in some browsers and could be exploited for cross-site cooking. Various remarks such as "vendors [...] certainly are not in a hurry to fix this" were made by Zalewski and others.

References

1. Browsers face triple threat (Techworld.com)
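The cookie-domain boundary discussed in this entry, as an added example that is not part of the original text: a sketch of the acceptance check RFC 6265 (sections 5.1.3 and 5.3) asks a browser to apply to the Domain attribute of a Set-Cookie header, which is the check that keeps one site from setting cookies for another. The function names and the short public-suffix sample are assumptions made for the demonstration.

```javascript
// Added example, not code from the original entry.
// Constructed sample; a real browser consults the full Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk", "com.pl"]);

// Lower-case the name and drop one leading dot (ignored per RFC 6265).
// Dropping a trailing dot as well is a choice made in this example.
function canonicalize(name) {
  return name.trim().toLowerCase().replace(/^\./, "").replace(/\.$/, "");
}

// Assumes a bare hostname with no port; IPv6 literals contain ":".
function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 section 5.1.3: identical strings, or the host ends with
// "." + domain and the host is a name rather than an IP address.
function domainMatches(host, domain) {
  if (host === domain) return true;
  return !isIpAddress(host) && host.endsWith("." + domain);
}

// Decide what to do with a cookie that requestHost tries to set with the
// given Domain attribute. Returns { accept, scope, reason }.
function checkCookieDomain(requestHost, domainAttr) {
  const host = canonicalize(requestHost);
  if (domainAttr === undefined || domainAttr === "") {
    return { accept: true, scope: host, reason: "host-only cookie" };
  }
  const domain = canonicalize(domainAttr);
  if (PUBLIC_SUFFIXES.has(domain)) {
    // A cookie scoped to a whole suffix would reach every site under it.
    if (host === domain) {
      return { accept: true, scope: host, reason: "host-only cookie" };
    }
    return { accept: false, scope: null, reason: "domain is a public suffix" };
  }
  if (!domainMatches(host, domain)) {
    return { accept: false, scope: null, reason: "domain does not match request host" };
  }
  return { accept: true, scope: "*." + domain, reason: "domain cookie" };
}
```

On the server side, a session identifier that is regenerated at login does not survive a fixation attempt even if a browser lets such a cookie through.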
1 : Web security exploits |