Re: COELACANTH: Phreak Phishing Expedition]

From: Benjamin Franz (snowhare_at_NIHONGO.ORG)
Date: 06/12/04

    Date:         Fri, 11 Jun 2004 17:39:24 -0700
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    On Thu, 10 Jun 2004, Thor Larholm wrote:

    > It is only after IE has determined what server to request information
    > from that it URL decodes the URI and ends up with
    > http://www.microsoft.com/redir=www.e-gold.com, which it then displays in
    > the Address Bar and subsequently uses to determine what security zone it
    > should use to render the HTML. IE only decides what security zone to use
    > based on the Address Bar value after it has successfully downloaded all
    > of the HTML (until then it is in the Unknown Zone), at which point the
    > URL decoding has long since happened.

    Does this affect 'cookie domain' scoping as well? I'm wondering if you
    could use a snip of JavaScript to steal other-domain cookies directly
    with this....

    --
    Benjamin Franz
    Catapultam habeo.
    Nisi pecuniam omnem mihi dabis ad capul tuum saxum immane mittam.
    (Translation: "I have a catapult. Give me all the money or I will fling
     an enormous rock at your head.")
                                            Henry Beard
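An added example, not code from this thread or from Thor Larholm's advisory, of the defensive check the quoted behaviour suggests: derive the host from the URL both before and after percent-decoding, and treat a disagreement as a spoof indicator for a proxy or URL filter. The function names and sample URLs are constructed here; the encoded sample is the decoded form quoted above with its slash re-encoded.

```python
from urllib.parse import urlsplit, unquote


def raw_host(url: str) -> str:
    """Host as a parser that resolves the server BEFORE decoding sees it:
    the authority of the raw string, minus userinfo and port."""
    authority = urlsplit(url).netloc  # urlsplit does not percent-decode
    host = authority.rsplit("@", 1)[-1]  # text before the last '@' is userinfo
    return host.split(":", 1)[0].lower()


def displayed_host(url: str) -> str:
    """Host a client would show after percent-decoding the whole URL first,
    which is the order the thread describes for the IE Address Bar."""
    return raw_host(unquote(url))


def host_mismatch(url: str) -> bool:
    """True when decoding changes which host the URL names, i.e. the request
    would go to one server while the decoded form names another."""
    return raw_host(url) != displayed_host(url)


if __name__ == "__main__":
    # Constructed samples: the first re-encodes the slash of the quoted URL,
    # the second is an ordinary URL whose encoding lives only in the query.
    samples = [
        "http://www.microsoft.com%2Fredir=www.e-gold.com",
        "https://www.example.com/search?q=a%20b",
    ]
    for u in samples:
        print(f"{u}\n  raw host: {raw_host(u)}\n  decoded host: {displayed_host(u)}"
              f"\n  suspicious: {host_mismatch(u)}")
```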
    
