|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: IE cookies security
From: Andrew Tanas (andrew
OK.MD)Date: Thu May 11 2000 - 17:39:39 CDT
- Next message: Marc Slemko: "Re: IE cookies security"
- Previous message: Malcolm Gin: "Re: Cold Fusion Server 4.5.1 DoS Vulnerability."
- Next in thread: Hunter, Ian: "Re: IE cookies security"
- Maybe reply: Andrew Tanas: "Re: IE cookies security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Actually, after some thinking I agree with you. It's possible.
Then you should disable not only javascript, but VBScript also.
> I think that exploit page, was designed simply to demonstrate that it's
> possible. There wasn't any intent to actually take advantage of the
users.
> Is there any reason that the same code couldn't be modified to send the
> results back, while doing something innocuous on the users screen?
- Next message: Marc Slemko: "Re: IE cookies security"
- Previous message: Malcolm Gin: "Re: Cold Fusion Server 4.5.1 DoS Vulnerability."
- Next in thread: Hunter, Ian: "Re: IE cookies security"
- Maybe reply: Andrew Tanas: "Re: IE cookies security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]