Full Disclosure mailing list archives

RE: COELACANTH: Phreak Phishing Expedition]

From: Benjamin Franz <snowhare () nihongo org>
Date: Fri, 11 Jun 2004 17:39:24 -0700 (PDT)

On Thu, 10 Jun 2004, Thor Larholm wrote:

It is only after IE has determined what server to request information
from that it URL decodes the URI and ends up with
http://www.microsoft.com/redir=www.e-gold.com, which it then displays in
the Address Bar and subsequently uses to determine what security zone it
should use to render the HTML. IE only decides what security zone to use
based on the Address Bar value after it has successfully downloaded all
of the HTML (untill then it is in the Unknown Zone), at which point the
URL decoding has long since happened.


Does this affect 'cookie domain' scoping as well? I'm wondering if you 
could use a snip of Javascript to steal other-domain cookies directly 
with this....

-- 
Benjamin Franz

Catapultam habeo. 

Nisi pecuniam omnem mihi dabis ad capul tuum saxum immane mittam.

(Translation: "I have a catapult. Give me all the money or I will fling 
 an enormous rock at your head.")
                                        Henry Beard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: COELACANTH: Phreak Phishing Expedition] Thor Larholm (Jun 10)
- RE: COELACANTH: Phreak Phishing Expedition] Jelmer (Jun 11)
- RE: COELACANTH: Phreak Phishing Expedition] Benjamin Franz (Jun 11)
- <Possible follow-ups>
- RE: COELACANTH: Phreak Phishing Expedition] Drew Copley (Jun 11)
- RE: COELACANTH: Phreak Phishing Expedition] Drew Copley (Jun 21)
  - RE: COELACANTH: Phreak Phishing Expedition] Jelmer (Jun 23)