Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: RE: CSS, CSS & let me give you some more CSS

RE: CSS, CSS & let me give you some more CSS

From: - phinegeek - <phine_at_anonymous.to>
Date: Fri, 1 Feb 2002 21:44:39 -0800
('binary' encoding is not supported, stored as-is) >More interesting are cases where you can actually inject it into a >cookie that the site uses to make it persist.
>
>an exploit that set a msnbc.com cookie

yes and in fact, such a vulnerability still exists on msnbc.com =]
I will not go into detail. However, the bug is real and exists within the cookie that stores your stock symbols on the MAIN home page. To exploit this would take great skill, but it can be done as I have tried it already.
Please be advised that msnbc.com has not been notified.

'phine

------------------------------------------------------------
This email was sent through the free email service at http://www.anonymous.to/
To report abuse, please visit our website and click 'Contact Us.'
Received on Feb 02 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos