[27444] in bugtraq
Who Need Friends ? IE & MSN expose contact list & other info
daemon@ATHENA.MIT.EDU (drorshalev@hotmail.com)
Tue Oct 15 17:46:36 2002
Date: 15 Oct 2002 13:04:43 -0000
Message-ID: <20021015130443.18291.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: <drorshalev@hotmail.com>
To: bugtraq@securityfocus.com
<br>
IE & MSN expose contact list & other info <br>
by spoofing IE security zone using Die Yu Liu % encoding bug (IE 6)<br>
this can lead to Privacy Risk<br>
<br>
MSN Status & hotmail Email Notification exposed by<br>other IE
versions<br><br>
<a target="mySite" href="http://sec.drorshalev.com/dev/friends/">MSN
Contact demo
</a>
<br>
http://sec.drorshalev.com/dev/friends/
<br>
More demos are on <b>http://sec.drorshalev.com</b>
<br>
<br><b>Feel Free to contact me!</b><br>See my <a
href='http://sec.drorshalev.com'>Security WorkShop</a> .<br><br>Dror
Shalev<br><a
href='mailto:drorshalev@hotmail.com?
subject=friends'>drorshalev@hotmail.com</a><br>Are You Safe?
<br><a href='http://www.SafeCenter.NET'
target=_blank>www.SafeCenter.NET</a><br>
