[4749] in bugtraq
Re: Netscape Exploit SOLVED
daemon@ATHENA.MIT.EDU (John Robert LoVerso)
Fri Jun 20 16:09:37 1997
Date: Fri, 20 Jun 1997 10:33:21 -0400
Reply-To: John Robert LoVerso <loverso@OPENGROUP.ORG>
From: John Robert LoVerso <loverso@OPENGROUP.ORG>
X-To: Yusuf Motiwala <ymotiwala@HSS.HNS.COM>,
Edwin Li-Kai Liu <robin.hood@IBM.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Message from Edwin Li-Kai Liu <robin.hood@IBM.NET>
<33A9A6C8.4EBF2441@ibm.net> .
Yes, Paul's approach only worked when the exploit files were accessed via
"file:".
> The next problem would be, how can we make the client side reload this
> page automatically? There would be several ways to accomplish. It will
> work with JavaScript, but it 'might' also work if the document expiry
> date is specified.
Creating a working exploit that can be remotely loaded isn't difficult.
I sent Paul one on Monday and he called me about his version yesterday.
He is considering releasing it here.
John
