During a penetration test at work yesterday, I found a web server vulnerable to an XSS attack. While brainstorming for ideas on how to exploit the bug, I discovered that Safari 1.1 (v100) is vulnerable to a cookie theft attack. The BugTraq posting is here. After receiving a confirmation from another BugTraq subscriber, I notified the Safari engineers at Apple. As it turned out, they monitor BugTraq and knew of the problem from my posting there - Very Cool *grin*

Christian Horchert from veedev.de wrote to tell me that apparently the cookie theft bug persists even when cookies are "disabled". This makes sense to me, since it is a bug in controlling the reading of cookies. Disabling cookies is really about disabling the writing of cookies - or at least that appears to be Safari's approach. The JavaScript is always going to try to read cookies even if you have them disabled. So if your code can't control the reading of cookies - what makes anyone think that they would be able to actually disable the reading of cookies? Nonetheless, it was good info to know, so thank you Christian.

 


Austin Gilbert/Male/26-30. Lives in United States/Oklahoma/Tulsa/Midtown, speaks English. Spends 40% of daytime online. Uses a Fast (128k-512k) connection. And likes computer science/photography.

Safari 1.1 (v100) Bug
2003/11/19