Re: cache cookies?

[MadHat <madhat () UNSPECIFIC COM>]

At 04:37 PM 12/14/2000 -0800, you wrote:
> Thomas Reinke <reinke () E-SOFTINC COM> writes:
> > Actually, it *does* work.  We have on our site a
> > working demonstration of the exploit, showing whether or not
> > you've visited one or more of more than 80 different well known
> > sites.  The URL is
> >
> >    http://www.securityspace.com/exploit/exploit_2a.html
>
> Using default cache settings and with JavaScript enabled, and without any
> proxies in the picture, the exploit fails for me, saying "Cache Miss" for
> all entries, even ones just visited.

Also note that the page claims that all should be there (a "Cache Hit!!!")
once you have visited the test site, but just hitting reload showed about 5
or 6 that still showed "Cache Miss" using netscape 4.76 (all default) on
Win2k  and as I keep hitting reload a different number and different sites
show "Cache Miss".

> This is with Netscape Communicator 4.75 (I know, still need to upgrade to
> 4.76 due to the fixed buffer overflows) on Windows NT 4.0 and Netscape
> Navigator 3.04 on AIX 4.1.5.
>
> It did work with Internet Explorer, though.
>
> ----------------------------------------------------------------------
> Dan Harkless                   | To prevent SPAM contamination, please
> dan-bugtraq () dilvish speed net  | do not mention this private email
> SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.

--
MadHat at unspecific.com