At 8:44 PM -0800 2001/11/14, Marc Slemko wrote: > http://passport.com%20.sub.znep.com/cgi-bin/cookies > ...will cause IE to connect to the hostname specified, but send the > cookies to the server based on the hostname before the "%20" Once again, I'd like to point out that IE 5 Mac (OS 8/9 or X) is not vulnerable to this attack. Please remember that IE != Windows. :-p -F.
