Thursday, September 15, 2016

Security+ and Cookie Attacks

Are you familiar with cookie attacks? It doesn't refer to cookies actually attacking, but it does refer to how attackers can exploit vulnerabilities and access cookies.

As an example, can you answer this sample Security+ practice test question recently added to the online test banks?

Q. A penetration tester has successfully exploited a vulnerability against your organization giving him access to the following data:

User, password, login-date, cookie-id
Homer, canipass, 2016-09-01 11:12, 286755fad04869ca523320acce0dc6a4
Bart, passican, 2016-09-01 11:15, 8edd7261c353c87a113269cd37635c68
Marge, icanpass, 2016-09-01 11:19, 26887fbd90ac0340e29ad62470270401

What type of attack does this represent?

A. SQL injection
B. XML injection
D. Session hijacking

More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available here.