|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Valdis.Kletnieks_at_vt.edu
Date: Wed Sep 11 2002 - 15:48:29 CDT
On Wed, 11 Sep 2002 13:25:45 EDT, Michal Zalewski <lcamtuf
dione.ids.pl> said:
> I noticed that Slashdot has a nasty bug, which, I imagine is a fault of
> Slashcode. On certain occassions, you can find a very interesting Referer
> 63.XXX.XXX.175 - - [11/Sep/2002:18:13:33 +0200] "GET /newtcp/ HTTP/1.1"
> 200 33541 "http://slashdot.org/?unickname=dXXg&passwd=rXXXX3"
> "Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.1) Gecko/20020826"
Could this be the same Referer bug just mentioned in:
Subject: Privacy leak in mozilla
From: Sven Neuhaus <snneopoly.com>
Date: Wed, 11 Sep 2002 14:51:12 +0200
....
Demonstration URL:
http://members.ping.de/~sven/mozbug/refcook.html
This is bug 145579 from the bugzilla database. It's a couple of months
old now so I'm disclosing this vulnerability to hopefully initiate the
fixing process.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQE9f6wdcC3lWbTT17ARAtjcAJ9t2S8VN2rqn8p8KbB5K6TM3gUcxACgjeRx
q80Ckm2AK+GcVU52wbas22k=
=uiZ2
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]