When I read George Guninski's article (on his site) about the getobject vulnerability, I wondered how feasible it would be to actually open a temp. internet file... Guess what? It can be done fairly simply.

This doesn't seem too bad at first, but because most major webmail msgs are stored in temp. internet files, this causes a pretty vast security glitch. Instead of snitching cookies, somebody can perhaps also read mail that you've already deleted... Not good...

Here's some (still somewhat buggy) proof of concept code...

for IE6: www.geocities.com/freedatarecovery/hr6.html
for IE4: www.geocities.com/freedatarecovery/hr4.html

Notes: when prompted, type in getmsg for the dosname (that's the file Hotmail uses) or ShowLe for Yahoo. Many error msgs are going to come up, because this just stabs in the dark to find a msg.

Comments, questions? email freewarecollector@hotmail.com

+jestar