Vulnerability Development mailing list archives

RE: CSS, CSS & let me give you some more CSS

From: "- phinegeek -" <phine () anonymous to>
Date: Fri, 1 Feb 2002 21:44:39 -0800

More interesting are cases where you can actually inject it into a >cookie that the site uses to make it persist.

an exploit that set a msnbc.com cookie


yes and in fact, such a vulnerability still exists on msnbc.com =]
I will not go into detail. However, the bug is real and exists within the cookie that stores your stock symbols on the 
MAIN home page. To exploit this would take great skill, but it can be done as I have tried it already.
Please be advised that msnbc.com has not been notified.

'phine

------------------------------------------------------------
This email was sent through the free email service at http://www.anonymous.to/
To report abuse, please visit our website and click 'Contact Us.'

Current thread:

New thoughts on CSS, (continued)
- - New thoughts on CSS Brett Moore (Feb 01)
    - RE: New thoughts on CSS Matt Dickinson (Feb 01)
    - RE: New thoughts on CSS jon schatz (Feb 01)
    - Re: New thoughts on CSS Blue Boar (Feb 01)
    - Re: New thoughts on CSS Jonas M Luster (Feb 03)
    - RE: New thoughts on CSS other (Feb 02)
  - Re: CSS, CSS & let me give you some more CSS Blake Frantz (Feb 01)
  - Re: CSS, CSS & let me give you some more CSS Andre Mariën (Feb 04)
- RE: CSS, CSS & let me give you some more CSS Brian McWilliams (Feb 01)
  - RE: CSS, CSS & let me give you some more CSS Marc Slemko (Feb 01)
- RE: CSS, CSS & let me give you some more CSS - phinegeek - (Feb 02)