Microsoft IIS 4.0/5.0 Session ID Cookie Disclosure Vulnerability

Microsoft IIS 4.0/5.0 Session ID Cookie Disclosure Vulnerability

Mitja Kolsek <mitja.kolsek@acros.si> goes through scenarios in his advisory (see 'Credit' tab) describing how a user could be misled to open a connection to a malicious website and provide a Session ID Cookie.