Cookies can render secure websites vulnerable in all modern browsers

KeithP

Diamond Member
Jun 15, 2000
5,661
199
106
When I click on the link, Chrome pops up its file download dialog box and wants to save the file "download.gz" to my system.

If I manually go to that website and click on their "security" button at the top of their page, same thing happens.

Weirdness.

-KeithP
 

Spacehead

Lifer
Jun 2, 2002
13,067
9,858
136
When I click on the link, Chrome pops up its file download dialog box and wants to save the file "download.gz" to my system.

If I manually go to that website and click on their "security" button at the top of their page, same thing happens.

Weirdness.

-KeithP
Same with me on Firefox. Clicking on the link above i get a prompt asking "you have chosen to open" - "application/x-gzip (12.8 KB)"
If i go to 'the stack' & click the security button i get this:
"application/x-gzip (9.9 KB)"
Same prompt, different size.

When i try to allow 'the stack' in NoScript FF crashes.

edit-
clicking any link the 'the stack' page brings up a prompt to save a file
 
Last edited:

Dude111

Golden Member
Jan 19, 2010
1,495
5
81
On IE6 pages on THESTACK work fine.. (They open as they should,no DL box)


I just tested this on davidicke.com/forum/ AND IT DOES NOT WORK!!

I logon here

https://forum.davidicke.com

then i close my browser and open it with http://forum.davidicke.com AND I AM NOT LOGGED IN!!!!!! (I had to go back to https://forum.davidicke.com to see that I had logged in (Cause I logged in on the HTTPS side))


Unless the browser is stupid,it wont let one use/read an HTTPS session cookie on an HTTP session!!
 
Last edited: