RE: Internet Explorer Document.Open() Without Close() Cookie Stea ling, File Reading, Site Spoofing Bug

From: CDE Francis (fuyat_private)
Date: Wed Dec 26 2001 - 06:48:05 PST

Next message: The Death: "RE: IE https certificate attack"

Previous message: Donald King: "Re: IE https certificate attack"
In reply to: Siddik, Syaefullah: "RE: Internet Explorer Document.Open() Without Close() Cookie Stea ling, File Reading, Site Spoofing Bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>  > From: the Pull [mailto:osioniusxat_private]
>  >
>  > Exploits: http://www.osioniusx.com
>  > "cookieStealing.html" - This opens Yahoo.com and
>>  steals the cookie.
>>  "FileReading.html" - This opens up C:\test.txt and
>>  then reads it.
>  > "SiteSpoofing.html" - This spoofs www.chase.com  --

None of the exploits at osioniusx.com work on IE 5.x for MacOS.

-- 
Francis Uy, Web Coordinator http://www.cty.jhu.edu/cde/ 410-516-0162

Next message: The Death: "RE: IE https certificate attack"
Previous message: Donald King: "Re: IE https certificate attack"
In reply to: Siddik, Syaefullah: "RE: Internet Explorer Document.Open() Without Close() Cookie Stea ling, File Reading, Site Spoofing Bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 26 2001 - 16:34:09 PST