Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)

From: Peter Bieringer (pbat_private)
Date: Thu Feb 07 2002 - 22:43:59 PST

Next message: Clinton Smith: "Re: HTTP 1.1 TRACE Command"

Previous message: Colby Marks: "RE: directory traversal"
In reply to: Patrick Kuiper: "Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)"
Next in thread: Random Chaos: "Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)"
Next in thread: Olivier Faurax: "Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--On Thursday, February 07, 2002 06:34:00 PM +0100 Patrick Kuiper
<patrickat_private> wrote:

> Netscape® Communicator 4.78 is giving the same error
> 
>> > Exploit Example.
>> > available at
>> > http://eyeonsecurity.net/advisories/showMyCookie.html
>> FYI: Mozilla 0.9.8+ gives an alert:
>> "Access to the port number given has been disabled for security
>> reasons."
> 
> Cu Patrick

Not happen here:

While Opera/6.0/Linux/TP3 without or with Javascript (which looks
like not working here) don't proceed because of the local Squid is
blocking  access to port 110, in Netscape 4.78/Linux with Javascript
this given URL is working well, in this case it looks like there is
no request made to port 110.

Perhaps message above is sent by local firewall or proxy.

        Peter

Next message: Clinton Smith: "Re: HTTP 1.1 TRACE Command"
Previous message: Colby Marks: "RE: directory traversal"
In reply to: Patrick Kuiper: "Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)"
Next in thread: Random Chaos: "Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)"
Next in thread: Olivier Faurax: "Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 23:57:52 PST