Vulnerability Development mailing list archives

Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA)

From: Peter Bieringer <pb () bieringer de>
Date: Fri, 08 Feb 2002 07:43:59 +0100


--On Thursday, February 07, 2002 06:34:00 PM +0100 Patrick Kuiper
<patrick () kuiper nu> wrote:

Netscape® Communicator 4.78 is giving the same error

Exploit Example.
available at
http://eyeonsecurity.net/advisories/showMyCookie.html

FYI: Mozilla 0.9.8+ gives an alert:
"Access to the port number given has been disabled for security
reasons."


Cu Patrick


Not happen here:

While Opera/6.0/Linux/TP3 without or with Javascript (which looks
like not working here) don't proceed because of the local Squid is
blocking  access to port 110, in Netscape 4.78/Linux with Javascript
this given URL is working well, in this case it looks like there is
no request made to port 110.

Perhaps message above is sent by local firewall or proxy.

        Peter

Current thread:

Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA) obscure (Feb 06)
- Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA) Mark Renouf (Feb 07)
  - Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA) Patrick Kuiper (Feb 07)
    - Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA) Peter Bieringer (Feb 07)
    - Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA) Random Chaos (Feb 14)
  - Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA) Olivier Faurax (Feb 07)
  - Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA) Chip McClure (Feb 07)
  - Re: Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA) jon schatz (Feb 07)
- <Possible follow-ups>
- Web Browsers vulnerable to the Extended HTML Form Attack (IE and OPERA) obscure (Feb 11)