Full Disclosure mailing list archives
RE: COELACANTH: Phreak Phishing Expedition]
From: Benjamin Franz <snowhare () nihongo org>
Date: Fri, 11 Jun 2004 17:39:24 -0700 (PDT)
On Thu, 10 Jun 2004, Thor Larholm wrote:
It is only after IE has determined what server to request information from that it URL decodes the URI and ends up with http://www.microsoft.com/redir=www.e-gold.com, which it then displays in the Address Bar and subsequently uses to determine what security zone it should use to render the HTML. IE only decides what security zone to use based on the Address Bar value after it has successfully downloaded all of the HTML (untill then it is in the Unknown Zone), at which point the URL decoding has long since happened.
Does this affect 'cookie domain' scoping as well? I'm wondering if you could use a snip of Javascript to steal other-domain cookies directly with this.... -- Benjamin Franz Catapultam habeo. Nisi pecuniam omnem mihi dabis ad capul tuum saxum immane mittam. (Translation: "I have a catapult. Give me all the money or I will fling an enormous rock at your head.") Henry Beard _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: COELACANTH: Phreak Phishing Expedition] Thor Larholm (Jun 10)
- RE: COELACANTH: Phreak Phishing Expedition] Jelmer (Jun 11)
- RE: COELACANTH: Phreak Phishing Expedition] Benjamin Franz (Jun 11)
- <Possible follow-ups>
- RE: COELACANTH: Phreak Phishing Expedition] Drew Copley (Jun 11)
- RE: COELACANTH: Phreak Phishing Expedition] Drew Copley (Jun 21)
- RE: COELACANTH: Phreak Phishing Expedition] Jelmer (Jun 23)