[18096] in bugtraq
Re: cache cookies?
daemon@ATHENA.MIT.EDU (Dan Harkless)
Fri Dec 15 16:14:37 2000
Message-Id: <200012150037.QAA15722@dilvish.speed.net>
Date: Thu, 14 Dec 2000 16:37:37 -0800
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Thomas Reinke <reinke@E-SOFTINC.COM> of "Thu, 14 Dec
2000 02:06:48 EST." <3A387188.DD6441FB@e-softinc.com>
Thomas Reinke <reinke@E-SOFTINC.COM> writes:
> Actually, it *does* work. We have on our site a
> working demonstration of the exploit, showing whether or not
> you've visited one or more of more than 80 different well known
> sites. The URL is
>
> http://www.securityspace.com/exploit/exploit_2a.html
Using default cache settings and with JavaScript enabled, and without any
proxies in the picture, the exploit fails for me, saying "Cache Miss" for
all entries, even ones just visited.
This is with Netscape Communicator 4.75 (I know, still need to upgrade to
4.76 due to the fixed buffer overflows) on Windows NT 4.0 and Netscape
Navigator 3.04 on AIX 4.1.5.
It did work with Internet Explorer, though.
----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
