Re: the other IE cookie stealing bug (MS01-055)

From: CDE Francis (fuyat_private)
Date: Fri Nov 16 2001 - 06:23:10 PST

Next message: Vincent GAILLOT: "How to use Google to find confidential informations"

Previous message: Hack Kampbjørn: "RE: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overf low Vulnerability"
In reply to: Marc Slemko: "the other IE cookie stealing bug (MS01-055)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 8:44 PM -0800 2001/11/14, Marc Slemko wrote:
>         http://passport.com%20.sub.znep.com/cgi-bin/cookies
>    ...will cause IE to connect to the hostname specified, but send the
>    cookies to the server based on the hostname before the "%20"

Once again, I'd like to point out that IE 5 Mac (OS 8/9 or X) is not
  vulnerable to this attack. Please remember that IE != Windows.  :-p

-F.

Next message: Vincent GAILLOT: "How to use Google to find confidential informations"
Previous message: Hack Kampbjørn: "RE: NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overf low Vulnerability"
In reply to: Marc Slemko: "the other IE cookie stealing bug (MS01-055)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Nov 19 2001 - 08:33:18 PST