| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44.0406111736400.24668-100000@high-mountain.nihongo.org>
Date: Fri, 11 Jun 2004 17:39:24 -0700 (PDT)
From: Benjamin Franz <snowhare@...ongo.org>
To: Thor Larholm <thor@...x.com>
Cc: Drew Copley <dcopley@...e.com>, <full-disclosure@...ts.netsys.com>,
<bugtraq@...urityfocus.com>, <ntbugtraq@...tserv.ntbugtraq.com>
Subject: RE: COELACANTH: Phreak Phishing Expedition]
On Thu, 10 Jun 2004, Thor Larholm wrote:
> It is only after IE has determined what server to request information
> from that it URL decodes the URI and ends up with
> http://www.microsoft.com/redir=www.e-gold.com, which it then displays in
> the Address Bar and subsequently uses to determine what security zone it
> should use to render the HTML. IE only decides what security zone to use
> based on the Address Bar value after it has successfully downloaded all
> of the HTML (untill then it is in the Unknown Zone), at which point the
> URL decoding has long since happened.
Does this affect 'cookie domain' scoping as well? I'm wondering if you
could use a snip of Javascript to steal other-domain cookies directly
with this....
--
Benjamin Franz
Catapultam habeo.
Nisi pecuniam omnem mihi dabis ad capul tuum saxum immane mittam.
(Translation: "I have a catapult. Give me all the money or I will fling
an enormous rock at your head.")
Henry Beard
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists