On 7/9/06, Erez Metula <[EMAIL PROTECTED]> wrote:
> An example attack scenario could be that an attacker will redirect many users (by email, posting in the organization portal, etc.) to some blocked URL and an accompanying script that will steal their authentication cookies.

It sounds like the net impact of this vulnerability is that an attacker can steal cookies for a site the user isn't allowed to visit anyway. In other words, there aren't going to be any interesting cookies to steal. Is there more to this attack scenario?

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
