Penetration Testing mailing list archives

Re: IE7 add-on


From: "Adam Thompson" <adwulf () gmail com>
Date: Thu, 7 Feb 2008 19:00:36 +0000

This happens because you're still logged in to the banking site.  If
you don't log off, the session is still active.

This would work the same with two windows or tabs in ANY browser.  How
do you plan to exploit this as MITM?

On 7 Feb 2008 14:34:00 -0000, jason_jones98 () hotmail com
<jason_jones98 () hotmail com> wrote:
Hi.


I have just loaded the IE7 add-on 'open-last-tab'; has anyone else had a play with this? From initial results I have found this to be a great 'man-in-the-middle' attack tool.


Example on a bank site (no names):


Log into your bank, open another tab within the window, i.e. Google. Close the banking tab, hit Alt-X and the 'logged-in' banking window re-opens. I have also attempted this on other applications and the majority work. Can someone advise if M$ have provided us with a great MITM plug-in tool?



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




-- 
AdamT
"I've had death threats - well, OK, a petition."
 - Jack Dee
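
The behaviour discussed in this thread, as an added example that is not part of the original messages: a minimal server-side session table showing that a reopened tab simply replays the same cookie, and that only an explicit logout or a server-enforced idle timeout ends the session. The class and function names, the 300-second timeout and the user name are assumptions made for illustration.

```python
import secrets


class SessionStore:
    """Server-side session table keyed by the cookie value the browser sends."""

    def __init__(self, idle_timeout):
        self.idle_timeout = idle_timeout      # seconds of inactivity allowed
        self._sessions = {}                   # token -> (user, last_seen)

    def login(self, user, now):
        token = secrets.token_urlsafe(32)     # unguessable session identifier
        self._sessions[token] = (user, now)
        return token

    def logout(self, token):
        # Explicit logoff: the server forgets the token, so replaying it fails.
        self._sessions.pop(token, None)

    def authenticate(self, token, now):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        if now - last_seen > self.idle_timeout:
            del self._sessions[token]         # expire idle sessions server-side
            return None
        self._sessions[token] = (user, now)   # sliding window: refresh on use
        return user


def reopen_tab(store, cookie, now):
    """Closing a tab tells the server nothing; reopening it resends the cookie."""
    return store.authenticate(cookie, now)


def demo():
    store = SessionStore(idle_timeout=300)    # constructed value for the demo
    results = {}
    cookie = store.login("alice", now=0)      # tab closed, reopened 60 s later
    results["closed_tab_60s"] = reopen_tab(store, cookie, now=60)
    cookie = store.login("alice", now=0)      # tab closed, reopened after timeout
    results["closed_tab_600s"] = reopen_tab(store, cookie, now=600)
    cookie = store.login("alice", now=0)      # user logs off before closing
    store.logout(cookie)
    results["after_logout"] = reopen_tab(store, cookie, now=60)
    return results


if __name__ == "__main__":
    print(demo())
```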
