Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_4

Bugtraq archives for 4th quarter (Oct-Dec) 1998: Another Netscape 4.07 cache reading bug

Another Netscape 4.07 cache reading bug

Georgi Guninski (guninskiUSA.NET)
Thu, 8 Oct 1998 22:20:19 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Eric: "SCO Openserver 5.0.5 syn-floodable"
Previous message: pedwardWEBCOM.COM: "Re: linux 2.0.35 ip aliasing with aliased hwaddr"
Next in thread: Ken Williams: "Re: Another Netscape 4.07 cache reading bug"

I have found a new bug in Netscape Communicator 4.07, 4.05 (probably others),
which allows reading the user's cache (the URLs the user has visited, including the info in GET forms).
The bug uses Javascript - a link to 'about:<SCRIPT>...javascript code...</SCRIPT>' does the work.

A demo is available at: http://www.freeyellow.com/members5/guninski/ncache.html

Part of the code is borrowed from Dan Brumleve <nothingshout.net>, for better goodies see:
http://www.shout.net/~nothing/son-of-cache-cow/index.html
Workaround: Disable Javascript.

Regards,
Georgi Guninski


____________________________________________________________________
Get free e-mail and a permanent address at http://www.netaddress.com/?N=1

Next message: Eric: "SCO Openserver 5.0.5 syn-floodable"
Previous message: pedwardWEBCOM.COM: "Re: linux 2.0.35 ip aliasing with aliased hwaddr"
Next in thread: Ken Williams: "Re: Another Netscape 4.07 cache reading bug"