lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <024d01c68428$cbb5ded0$7801a8c0@ATROPOS>
Date: Tue May 30 22:00:31 2006
From: oscar.fajardo at ya.com (Oscar Fajardo)
Subject: abnormal behavior Gmail logon

Because "loading.html" is the first HTML page you request via browser when 
you log to gmail:

GET /mail?gxlu=blah&zx=blah HTTP/1.1
POST /accounts/ServiceLoginAuth HTTP/1.1
GET 
/accounts/CheckCookie?continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3F&service=mail&chtml=LoginDoneHtml 
HTTP/1.1
GET /mail/?auth=blah HTTP/1.1
GET /mail/?view=page&name=browser&ver=blah HTTP/1.1
GET /mail/?view=page&name=loading&ver=blah HTTP/1.1
GET /favicon.ico HTTP/1.1
GET /mail/?view=page&name=js&ver=3ee190b6dcef2cf0 HTTP/1.1

******** GET /mail/html/es/loading.html HTTP/1.1

  I suppose that if he tries to get http://somehost/somepage.html the 
behaviour will be the same.

  Regards.

----- Original Message ----- 
From: "Brian Eaton" <eaton.lists@...il.com>
To: "Oscar Fajardo Sanchez" <oscar.fajardo@...sorigin.com>
Cc: <full-disclosure@...ts.grok.org.uk>; <Valdis.Kletnieks@...edu>
Sent: Tuesday, May 30, 2006 10:06 PM
Subject: Re: [Full-disclosure] abnormal behavior Gmail logon


> On 5/30/06, Oscar Fajardo Sanchez <oscar.fajardo@...sorigin.com> wrote:
>>
>>   Take a look at:
>>
>>    HKEY_CURRENT_USER\Software\Classes\.htm
>>
>>   You will see "FirefoxHTML" **if firefox is your default browser**. The 
>> server is
>> just sending a html file, which, according to the registry of the client 
>> machine,
>> has to be rendered by "firefox.exe"
>
> Any idea why the OP isn't seeing this happen on every web page?
>
> - Brian
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ