Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

XiRCON && Internet Explorer exposing Cookies

From: "Damian Finol" <damian () ve net>
Date: Thu, 9 May 2002 00:08:38 -0400
Hello,
Searching through my XiRCON logs, i found out something really weird.
For some odd reason, if XiRCON crashes, and there is an Internet Explorer
session opened, it's most likely the cookies will be stored in the channel
logs of XiRCON.
Like this:
1
infoguia.net/foros/cgi-bin/
1600
1437513728
29558082
3714499824
29484655
*
DaysPrune
365
infoguia.net/foros/cgi-bin/
1600
736077824
29528531
3010503920
29455105
*
NameStorage
yes
infoguia.net/foros/cgi-bin/
1600
736077824
29528531
3016013920
29455105
*
UserName
Maquiavelo (My username stored in a cookie)
infoguia.net/foros/cgi-bin/
1600
1437513728
29558082
3713999824
29484656
*
Password
xxxxx (my password in clear text)
infoguia.net/foros/cgi-bin/
1600
1437513728
29558082
3714299824
29484656
*
lastLogin
2452381.1156
infoguia.net/foros/cgi-bin/
1600
2138552832
29557808
114391632
29484383

Also, some other garbage, including some calls to MSN hotmail/messenger  (my
MSN Passport data encrypted?).
I'm using the latest XiRCON with Kano script (conio theme).
Anyone can replicate it?.
D.
Previous By Date Next
Previous By Thread Next

Current thread: