Message-ID: <242a0a8f0607100506w15abb842m76400c4cdd30cbee@mail.gmail.com>
Date: Mon Jul 10 13:06:16 2006
From: eaton.lists at gmail.com (Brian Eaton)
Subject: MIMESweeper For Web 5.X Cross Site Scripting

On 7/9/06, Erez Metula <erezmetula@...ecure.co.il> wrote:
> An example attack scenario could be that an attacker will redirect many
> users (by email, posting in the organization portal, etc.) to some blocked
> URL and an accompanying script that will steal their authentication cookies.

It sounds like the net impact of this vulnerability is that an
attacker can steal cookies for a site the user isn't allowed to visit
anyway. In other words, there aren't going to be any interesting
cookies to steal. Is there more to this attack scenario?

Regards,
Brian