Re: Getting round website authentication with Firefox
From: Shalom Carmel (shalom_at_venera.com)
Date: 07/27/05
- Previous message: Bret Morey: "RE: Peter Gutmann data deletion theaory?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <bugtraq@securityfocus.com> Date: Wed, 27 Jul 2005 22:27:48 +0300
Actually, this is a "feature" of most if not all browsers, that have no way
to logout of URLs protected
by HTTP basic authentication.
Try to completely close all browser instances between the two attempts and
you will discover that
firefox asks for a login in all cases.
Shalom Carmel
----------------
www.venera.com - Exposing iSeries insecurity
----- Original Message -----
>Using firefox's "save target as" feature, you can get round web
authentication.
>
>Make a password protected directory (with a video file inside) (using
.htaccess and htpasswd),
>check that it actully requires a login when you click the link to the video
normally,
>then create a hyperlink to the file, right click save as - oh snap, it
doesn't ask for authentication.
>
>I've only tested it with a video file and Firefox 1.0.6.
- Previous message: Bret Morey: "RE: Peter Gutmann data deletion theaory?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
