Penetration Testing mailing list archives
Re: IE7 add-on
From: Dave Howe <David.Howe () ansgroup co uk>
Date: Thu, 07 Feb 2008 23:34:05 +0000
jason_jones98 () hotmail com wrote:
Log into your bank, open another tab within the window i.e. google. Close the banking tab, hit Alt-X and the 'logged-in' banking window re-opens. I have also attempted this on other applications and the majority work. Can someone advise if M$ have provided us with a great MITM plug-in tool?
Not really. The same effect can be seen if you hit Ctrl-H for a history list, and open the stored page link in the "current" tab. It depends on either a hash token being in the URL, or a session cookie still being current in the cookie-jar as you have not close the browser.
so, yet more evidence for why you should log out and close your browser properly after using internet banking and not mix-and-match tabs, but other than that, nothing spectacular.
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- IE7 add-on jason_jones98 (Feb 07)
- Re: IE7 add-on Adam Thompson (Feb 10)
- RE: IE7 add-on Robert S. Slifkin (Feb 10)
- Re: IE7 add-on Dave Howe (Feb 10)
- <Possible follow-ups>
- Re: IE7 add-on Shaon Diwakar (Feb 10)