('binary' encoding is not supported, stored as-is) >More interesting are cases where you can actually inject it into a >cookie that the site uses to make it persist. > >an exploit that set a msnbc.com cookie yes and in fact, such a vulnerability still exists on msnbc.com =] I will not go into detail. However, the bug is real and exists within the cookie that stores your stock symbols on the MAIN home page. To exploit this would take great skill, but it can be done as I have tried it already. Please be advised that msnbc.com has not been notified. 'phine ------------------------------------------------------------ This email was sent through the free email service at http://www.anonymous.to/ To report abuse, please visit our website and click 'Contact Us.'
This archive was generated by hypermail 2b30 : Sat Feb 02 2002 - 09:00:37 PST