Boursorama.com cookie exploit .oO Overview Oo. Boursorama.com stores usernames and passwords in clear text cookies Discovered on 09/02/2002 Vendor: http://www.boursorama.com .oO Summary Oo. Boursorama is the french leader of stock market information. This financial site dedicated to providing the most up-to-the-minute stock quotes from France and from other international markets. The stock information is provided by multiple databases from companies (balances, forecasts, news) and by market commentaries 24 hours a day. Boursorama offers personalized services including: email, budget management, and forums. These services are based on login/password authentification, stores in a cookie. The login and password are stored in clear text. .oO Details Oo. This is part of the boursorama cookie : ...Some crap here... * log my_login boursorama.com/ 0 1777520896b 29827774 2580969488 29460647 * pass my_password boursorama.com/ ...Some crap here... In this example, my_login and my_password are the login and password in clear text. Retrieving the cookie is possible to anyone with access to the cookies.txt file, or man-in-the-middle attack, but several browser vulnerabilities allow remote sites to retrieve cookies that were not planted by them. This enables malicious web site operators to 'steal' the Boursorama cookie, effectively retrieving the username and password. .oO Exploit Oo. An exploit has been made in Visual Basic, and can be downloaded at http://www.securiteinfo.com/download/boursorama.zip. This program search the cookie on the disk drive, and, if found, print the login and password on the screen. .oO Solution Oo. The solution is to use strong crypto to encrypt the login and password stored in the cookie. The vendor has been informed and has solved the problem. .oO Discovered by Oo. Arnaud Jacques webmaster@securiteinfo.com http://www.securiteinfo.com
