Bugtraq mailing list archives
Re: cache cookies?
From: MadHat <madhat () UNSPECIFIC COM>
Date: Fri, 15 Dec 2000 16:46:21 -0800
At 04:37 PM 12/14/2000 -0800, you wrote:
Thomas Reinke <reinke () E-SOFTINC COM> writes: > Actually, it *does* work. We have on our site a > working demonstration of the exploit, showing whether or not > you've visited one or more of more than 80 different well known > sites. The URL is > > http://www.securityspace.com/exploit/exploit_2a.html Using default cache settings and with JavaScript enabled, and without any proxies in the picture, the exploit fails for me, saying "Cache Miss" for all entries, even ones just visited.
Also note that the page claims that all should be there (a "Cache Hit!!!") once you have visited the test site, but just hitting reload showed about 5 or 6 that still showed "Cache Miss" using netscape 4.76 (all default) on Win2k and as I keep hitting reload a different number and different sites show "Cache Miss".
This is with Netscape Communicator 4.75 (I know, still need to upgrade to 4.76 due to the fixed buffer overflows) on Windows NT 4.0 and Netscape Navigator 3.04 on AIX 4.1.5. It did work with Internet Explorer, though. ---------------------------------------------------------------------- Dan Harkless | To prevent SPAM contamination, please dan-bugtraq () dilvish speed net | do not mention this private email SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
-- MadHat at unspecific.com
Current thread:
- Re: cache cookies? Clover Andrew (Dec 14)
- Re: cache cookies? Thomas Reinke (Dec 15)
- Re: cache cookies? James N. Potts (Dec 16)
- Re: cache cookies? Dan Harkless (Dec 16)
- Re: cache cookies? MadHat (Dec 18)
- Re: cache cookies? Steve Shockley (Dec 16)
- Re: cache cookies? Rossen Raykov (Dec 16)
- Re: cache cookies? Nick Lamb (Dec 18)
- Re: cache cookies? Thomas Reinke (Dec 18)
- Re: cache cookies? Kee Hinckley (Dec 16)
- Re: cache cookies? Szilveszter Adam (Dec 18)
- Re: cache cookies? James Taylor (Dec 19)
- Re: cache cookies? Szilveszter Adam (Dec 18)
- <Possible follow-ups>
- Re: cache cookies? Rob Lemos (Dec 18)
- Re: cache cookies? Wham Bang (Dec 18)
- Re: cache cookies? Lincoln Yeoh (Dec 19)
(Thread continues...)
- Re: cache cookies? Thomas Reinke (Dec 15)