Full Disclosure mailing list archives
Re: MIMESweeper For Web 5.X Cross Site Scripting
From: "Brian Eaton" <eaton.lists () gmail com>
Date: Mon, 10 Jul 2006 08:06:07 -0400
On 7/9/06, Erez Metula <erezmetula () 2bsecure co il> wrote:
> An example attack scenario could be that an attacker will redirect many users (by email, posting in the organization portal, etc.) to some blocked URL and an accompanying script that will steal their authentication cookies.
It sounds like the net impact of this vulnerability is that an attacker can steal cookies for a site the user isn't allowed to visit anyway. In other words, there aren't going to be any interesting cookies to steal. Is there more to this attack scenario?

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/