[264] in Best-of-Security
BoS: Re: Netscape exploit solved
daemon@ATHENA.MIT.EDU (Paul T. Kooros)
Tue Jun 24 05:48:10 1997
Date: Mon, 23 Jun 1997 19:20:50 -0600
Reply-To: "Paul T. Kooros" <kooros@TITAN.SRRB.NOAA.GOV>
From: "Paul T. Kooros" <kooros@TITAN.SRRB.NOAA.GOV>
Errors-To: best-of-security-request@suburbia.net
To: best-of-security@suburbia.net
Resent-From: best-of-security@suburbia.net
Hi,
Since apparently others have posted solutions, here is mine.
As I have mentioned to certain individuals previously, where I previously
thought other methods of triggering the form-order reload bug were
implicated (<META TYPE="refresh" CONTENT="1"> or Java JSObject called
form reload) they seem not to trigger the bug. Perhaps it is a "dirty"
flag on cache objects that was not set in one case.
Please, again, do not allow this information to fall into evil hands,
or use it for evil yourself.
http://www.kooros.com/fupldtest/nsbug.html
Thanks.
-Paul.
P.S. The web site is at the end of a slow line, and serves only this purpose.
