RE: Internet Explorer Document.Open() Without Close() Cookie Stea ling, File Reading, Site Spoofing Bug

From: CDE Francis (fuy@jhu.edu)
Date: 12/26/01

• Previous message: The Death: "RE: IE https certificate attack"
• In reply to: Sid***, Syaefullah: "RE: Internet Explorer Document.Open() Without Close() Cookie Stea ling, File Reading, Site Spoofing Bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 26 Dec 2001 09:48:05 -0500
From: CDE Francis <fuy@jhu.edu>
To: osioniusx@yahoo.com

> > From: the Pull [mailto:osioniusx@yahoo.com]
> >
> > Exploits: http://www.osioniusx.com
> > "cookieStealing.html" - This opens Yahoo.com and
>> steals the cookie.
>> "FileReading.html" - This opens up C:\test.txt and
>> then reads it.
> > "SiteSpoofing.html" - This spoofs www.chase.com --

None of the exploits at osioniusx.com work on IE 5.x for MacOS.

-- 
Francis Uy, Web Coordinator http://www.cty.jhu.edu/cde/ 410-516-0162

---

• Previous message: The Death: "RE: IE https certificate attack"
• In reply to: Sid***, Syaefullah: "RE: Internet Explorer Document.Open() Without Close() Cookie Stea ling, File Reading, Site Spoofing Bug"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2001-12