-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

URL: Htmlgear.lycos.com

If a malicious user can get the guestbook user to follow a simple link, then they can grab that user's htmlgear cookies and possibly use them to authenticate as that user.

WORKING EXAMPLE

http://htmlgear.lycos.com/guest/control.guest?u=usuario3&i=1&a=viewlert(document.cookie)</script

The support of Lycos receives a copy of the problem.

Salu"
Pistone
- -----------------
www.gauchohack.com.ar

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9MwcyY47Vx76lNPkRApjSAJ9DlpPy4yanxPXKPdy4AGpujFqjeACgoIA2
rixgTR3+M3K29PtPNmGHNEg=
=2z2c
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 11:09:25 PDT
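
The advisory above describes a request parameter being reflected into the page, which exposes the user's cookies to script. The following is an added example, not part of the original post and not Lycos code: it assumes the `a` parameter from the advisory's URL is echoed into the response, and the function names, action names, host and sample request are hypothetical. It contrasts an unencoded echo with an allowlisted, HTML-encoded one, and shows a session cookie marked `HttpOnly`.

```python
# Added illustration (not Lycos/htmlgear code). Assumes the "a" (action)
# parameter seen in the advisory's URL is echoed into the HTML response.
import html
from urllib.parse import urlsplit, parse_qs

ALLOWED_ACTIONS = {"view", "sign"}  # hypothetical action names


def _action(url: str) -> str:
    """Extract the URL-decoded 'a' parameter from a request URL."""
    return parse_qs(urlsplit(url).query).get("a", [""])[0]


def render_vulnerable(url: str) -> str:
    """Reflects the raw parameter: any markup in it becomes part of the page."""
    return f"<p>Unknown action: {_action(url)}</p>"


def render_hardened(url: str) -> str:
    """Allowlist known actions and HTML-encode anything echoed back."""
    action = _action(url)
    if action in ALLOWED_ACTIONS:
        return f"<p>Action: {action}</p>"
    return f"<p>Unknown action: {html.escape(action, quote=True)}</p>"


def session_cookie_header(value: str) -> str:
    """HttpOnly keeps the cookie out of document.cookie; Secure limits it to HTTPS."""
    return f"Set-Cookie: session={value}; HttpOnly; Secure; SameSite=Lax; Path=/"


# Constructed sample request; the marker is inert markup used only to show
# whether the response encodes reflected input.
SAMPLE = ("http://guestbook.example/guest/control.guest"
          "?u=user1&i=1&a=view%3Cb%3Emarker%3C%2Fb%3E")

if __name__ == "__main__":
    print(render_vulnerable(SAMPLE))
    print(render_hardened(SAMPLE))
    print(session_cookie_header("constructed-session-id"))
```

Output encoding addresses the reflection itself; the `HttpOnly` flag is a second layer that limits what a missed reflection can read.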