[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] RE: COELACANTH: Phreak Phishing Expedition]

To: Thor Larholm <thor@xxxxxxxx>
Subject: [Full-Disclosure] RE: COELACANTH: Phreak Phishing Expedition]
From: Benjamin Franz <snowhare@xxxxxxxxxxx>
Date: Fri, 11 Jun 2004 17:39:24 -0700 (PDT)

On Thu, 10 Jun 2004, Thor Larholm wrote:

> It is only after IE has determined what server to request information
> from that it URL decodes the URI and ends up with
> http://www.microsoft.com/redir=www.e-gold.com, which it then displays in
> the Address Bar and subsequently uses to determine what security zone it
> should use to render the HTML. IE only decides what security zone to use
> based on the Address Bar value after it has successfully downloaded all
> of the HTML (untill then it is in the Unknown Zone), at which point the
> URL decoding has long since happened.

Does this affect 'cookie domain' scoping as well? I'm wondering if you 
could use a snip of Javascript to steal other-domain cookies directly 
with this....

-- 
Benjamin Franz

Catapultam habeo. 

Nisi pecuniam omnem mihi dabis ad capul tuum saxum immane mittam.

(Translation: "I have a catapult. Give me all the money or I will fling 
 an enormous rock at your head.")
                                        Henry Beard

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] RE: COELACANTH: Phreak Phishing Expedition]
  - From: Thor Larholm

Prev by Date: RE: [Full-Disclosure] RE: SECURE SOCKETS LAYER COELACANTH: Phreak Phishing Expedition
Next by Date: RE: [Full-Disclosure] RE: SECURE SOCKETS LAYER COELACANTH: Phreak Phishing Expedition
Previous by thread: [Full-Disclosure] RE: COELACANTH: Phreak Phishing Expedition]
Next by thread: [Full-Disclosure] RE: COELACANTH: Phreak Phishing Expedition]
Index(es):
- Date
- Thread