[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0406111736400.24668-100000@high-mountain.nihongo.org>
From: snowhare at nihongo.org (Benjamin Franz)
Subject: RE: COELACANTH: Phreak Phishing Expedition]
On Thu, 10 Jun 2004, Thor Larholm wrote:
> It is only after IE has determined what server to request information
> from that it URL decodes the URI and ends up with
> http://www.microsoft.com/redir=www.e-gold.com, which it then displays in
> the Address Bar and subsequently uses to determine what security zone it
> should use to render the HTML. IE only decides what security zone to use
> based on the Address Bar value after it has successfully downloaded all
> of the HTML (untill then it is in the Unknown Zone), at which point the
> URL decoding has long since happened.
Does this affect 'cookie domain' scoping as well? I'm wondering if you
could use a snip of Javascript to steal other-domain cookies directly
with this....
--
Benjamin Franz
Catapultam habeo.
Nisi pecuniam omnem mihi dabis ad capul tuum saxum immane mittam.
(Translation: "I have a catapult. Give me all the money or I will fling
an enormous rock at your head.")
Henry Beard
Powered by blists - more mailing lists