Bugtraq mailing list archives
Re: the other IE cookie stealing bug (MS01-055)
From: CDE Francis <fuy () jhu edu>
Date: Fri, 16 Nov 2001 09:23:10 -0500
At 8:44 PM -0800 2001/11/14, Marc Slemko wrote:
http://passport.com%20.sub.znep.com/cgi-bin/cookies ...will cause IE to connect to the hostname specified, but send the cookies to the server based on the hostname before the "%20"
Once again, I'd like to point out that IE 5 Mac (OS 8/9 or X) is not vulnerable to this attack. Please remember that IE != Windows. :-p -F.
Current thread:
- the other IE cookie stealing bug (MS01-055) Marc Slemko (Nov 15)
- Re: the other IE cookie stealing bug (MS01-055) CDE Francis (Nov 19)