Bugtraq mailing list archives
Re[2]: The Dangers of Allowing Users to Post Images
From: "Alexander K. Yezhov" <admin () leader ru>
Date: Fri, 15 Jun 2001 22:52:40 +0400
Following upon the letter of Friday, June 15, 2001:
RMS> This is a *very* interesting finding. It seems kind of obvious
RMS> too. I wonder why no one seems to have run across it before.
It reminds me "Client Side Trojans" thread. Also similar problem with
authorization have been described at tools-on.net ("Web and your
privacy" section). The problem is that once authorised you don't have
to enter password again if you are redirected to some form inside
protected (via .htaccess, cookie, etc) area.
Best regards, Alexander
---------------------------------------------------------------
MCP+I, MCSE, BrainBench certificates
http://leader.ru http://tools-on.net
---------------------------------------------------------------
Current thread:
- Re: [BUGTRAQ] Re: never-ending Referer arguments (The Dangers of Allowing Users to Post Images), (continued)
- Re: [BUGTRAQ] Re: never-ending Referer arguments (The Dangers of Allowing Users to Post Images) CDI (Jun 22)
- Re: The Dangers of Allowing Users to Post Images John Percival (Jun 22)
- Re: The Dangers of Allowing Users to Post Images Michal Szokolo (Jun 24)
- Re: The Dangers of Allowing Users to Post Images Travis Siegel (Jun 25)
- Re: The Dangers of Allowing Users to Post Images Jeffrey W. Baker (Jun 25)
- Re: The Dangers of Allowing Users to Post Images Sverre H. Huseby (Jun 19)
- Re: The Dangers of Allowing Users to Post Images Henrik Nordstrom (Jun 19)
- Re: The Dangers of Allowing Users to Post Images Brett Lymn (Jun 18)
- Re: The Dangers of Allowing Users to Post Images Marc Slemko (Jun 16)
- Re[2]: The Dangers of Allowing Users to Post Images Alexander K. Yezhov (Jun 16)
- Re: The Dangers of Allowing Users to Post Images Ryan Kennedy (Jun 16)
- Re: The Dangers of Allowing Users to Post Images Peter W (Jun 16)