Another Netscape 4.07 cache reading bug

From: Georgi Guninski (guninskiat_private)
Date: Thu Oct 08 1998 - 19:20:19 PDT

Next message: Simple Nomad: "Re: NMRC Advisory - "Decryption" of the RCONSOLE Password (fwd)"

Previous message: Mnemonix: "WARNING: By-passing MS Proxy packet filtering"
Next in thread: Ken Williams: "Re: Another Netscape 4.07 cache reading bug"
Reply: Ken Williams: "Re: Another Netscape 4.07 cache reading bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have found a new bug in Netscape Communicator 4.07, 4.05 (probably others),
which allows reading the user's cache (the URLs the user has visited, including the info in GET forms).
The bug uses Javascript - a link to 'about:<SCRIPT>...javascript code...</SCRIPT>' does the work.

A demo is available at: http://www.freeyellow.com/members5/guninski/ncache.html

Part of the code is borrowed from Dan Brumleve <nothingat_private>, for better goodies see:
http://www.shout.net/~nothing/son-of-cache-cow/index.html
Workaround: Disable Javascript.

Regards,
Georgi Guninski


____________________________________________________________________
Get free e-mail and a permanent address at http://www.netaddress.com/?N=1

Next message: Simple Nomad: "Re: NMRC Advisory - "Decryption" of the RCONSOLE Password (fwd)"
Previous message: Mnemonix: "WARNING: By-passing MS Proxy packet filtering"
Next in thread: Ken Williams: "Re: Another Netscape 4.07 cache reading bug"
Reply: Ken Williams: "Re: Another Netscape 4.07 cache reading bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:58 PDT