[18102] in bugtraq
Re: cache cookies?
daemon@ATHENA.MIT.EDU (Steve Shockley)
Fri Dec 15 17:07:33 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <000601c066ba$f21e8310$05b0c0d8@leviathan>
Date: Fri, 15 Dec 2000 12:17:46 -0500
Reply-To: Steve Shockley <Steve.Shockley@SHOCKLEY.NET>
From: Steve Shockley <Steve.Shockley@SHOCKLEY.NET>
X-To: Thomas Reinke <reinke@E-SOFTINC.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <3A387188.DD6441FB@e-softinc.com>
Content-Transfer-Encoding: 8bit
> Actually, it *does* work. We have on our site a
> working demonstration of the exploit, showing whether or not
> you've visited one or more of more than 80 different well
> known sites. The URL is
>
> http://www.securityspace.com/exploit/exploit_2a.html
Using IE 5.5sp1, I seem to have been able to foil your exploit by checking "Empty Temporary Internet Files when browser is closed" on the Advanced tab. (I do that for performance reasons, since I don't like having thousands of small files clogging my hard drive.)
Also, as Clover Andrew mentioned, the detection script itself caches the images, so it's a one-time shot.
