[8140] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Another Netscape 4.07 cache reading bug

daemon@ATHENA.MIT.EDU (Georgi Guninski)
Thu Oct 8 22:33:21 1998

Date: 	Thu, 8 Oct 1998 22:20:19 -0400
Reply-To: Georgi Guninski <guninski@USA.NET>
From: Georgi Guninski <guninski@USA.NET>
To: BUGTRAQ@NETSPACE.ORG

I have found a new bug in Netscape Communicator 4.07, 4.05 (probably others),
which allows reading the user's cache (the URLs the user has visited, including the info in GET forms).
The bug uses Javascript - a link to 'about:<SCRIPT>...javascript code...</SCRIPT>' does the work.

A demo is available at: http://www.freeyellow.com/members5/guninski/ncache.html

Part of the code is borrowed from Dan Brumleve <nothing@shout.net>, for better goodies see:
http://www.shout.net/~nothing/son-of-cache-cow/index.html
Workaround: Disable Javascript.

Regards,
Georgi Guninski

____________________________________________________________________
Get free e-mail and a permanent address at http://www.netaddress.com/?N=1


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[8140] in bugtraq

Another Netscape 4.07 cache reading bug

daemon@ATHENA.MIT.EDU (Georgi Guninski)Thu Oct 8 22:33:21 1998

daemon@ATHENA.MIT.EDU (Georgi Guninski)
Thu Oct 8 22:33:21 1998