[21065] in bugtraq
Re[2]: The Dangers of Allowing Users to Post Images
daemon@ATHENA.MIT.EDU (Alexander K. Yezhov)
Sat Jun 16 15:03:50 2001
Date: Fri, 15 Jun 2001 22:52:40 +0400
From: "Alexander K. Yezhov" <admin@leader.ru>
Reply-To: "Alexander K. Yezhov" <admin@leader.ru>
Message-ID: <2926741662.20010615225240@leader.ru>
To: bugtraq@securityfocus.com
Cc: rms@privacyfoundation.org (Richard M. Smith)
In-Reply-To: <004201c0f50c$bdf5f740$6501a8c0@rmsnew>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Following upon the letter of Friday, June 15, 2001:
RMS> This is a *very* interesting finding. It seems kind of obvious
RMS> too. I wonder why no one seems to have run across it before.
It reminds me "Client Side Trojans" thread. Also similar problem with
authorization have been described at tools-on.net ("Web and your
privacy" section). The problem is that once authorised you don't have
to enter password again if you are redirected to some form inside
protected (via .htaccess, cookie, etc) area.
Best regards, Alexander
---------------------------------------------------------------
MCP+I, MCSE, BrainBench certificates
http://leader.ru http://tools-on.net
---------------------------------------------------------------
