Actually there is a limit of 20 cokies per web server. I will have to check to see if there is a limit on the size of the cookie. And no you dont need a Netscape server. Its just another HTTP header. What about this: downloading a encoded picture contating graphic description of sex with minors. Would the FBI go around checking peoples cookie files and busting them? Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 On Tue, 26 Sep 1995, Alan Olsen wrote:
obNetscapeHack: There is a feature called a "cookie file" in Netscape that is ripe for exploitation as a security leak. If you are using a Netscape server (and you may not even need that), you can feed all sorts of information into it without the user's knowlege. I have heard of one page that overloads the cookie file until the machine runs out of drive space. I am sure that there are other exploitable holes there... Any takers?