JavaScript-in-cookie security hole demo

In a few seconds, you should see the word "Buffer:" in the lower-right frame, followed by the URL of the last bookmark on your bookmarks list. (Go to Communicator -> Bookmarks and look at the bottom of the list to see your browser's list of bookmarks.) That URL was also intercepted by this site and emailed to me.

If you don't believe me :-) email me at bennett@peacefire.org and I'll tell you what the URL for your bookmark is. (Be sure to tell me the IP address and/or hostname of your machine when you visited this page, so I can match it against the bookmark URL that was intercepted.)

This exploit could easily be modified to intercept properties of other HTML files on a user's hard drive, including browser cache files (which would allow your entire surfing history to be visible to a malicious Web site).