A cookie has just been set in your browser called 'iebug'.
To see how HTML downloads should be handled, download and open
the below link in Firefox. Click "Open With" Firefox and then "Open".
You should see a pop-up with nothing in it. The script can't see any
cookies from awgh.org.
To see the IE Bug in action, download and open the below link with IE.
This has been tested and verified as still broken in the latest patch
level of IE7 (as of 12/22/08). Click "Open" and you will see a popup
with the stolen cookie!
Here is the link!
To make this file a "download", I added the following to the .htaccess
file:
<FilesMatch "awgh-download.html">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
Screencast of this bug in action:
Footnote: Some IE security settings affect how this works. I haven't
tested all variants yet, but it works 100% of the time if the target
site is in the Trusted Sites zone. This isn't much of a safeguard,
since the file will appear to be coming from a site that the user does
trust.