Azrael Azrael - 1 year ago 53
Javascript Question

preventing javascript injections from navigation bar

I was playing around with cookies and stuff, until I noticed a website saying that you can easily set cookies via the navigation bar with one simple code;

javascript: document.cookie="SESSID=IDOFSESSIONHERE;path=/"

while doing this, I could login on one computer, copy the cookie data to another computer, and set the same cookie via this code, after a refresh I was logged in with the same user.

(just on a simple webpage I made myselve)

this seems like a security issue to me, I mean, ofcourse they would first need to get the cookie data, but without that, I imagine that you could do alot of damage with the
from the cookies aside.

Is there any way to prevent the usage of
from the navigation bar?

Answer Source

The user is the security issue not Javascript. The user gave you the session id - i.e. do you give out your keys/passwords to others? If you do what can the site do? Send around a blioke to look over your sholder all the time

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download