Test Referer with '@'
Target site:
bank.pseudo-flaw.net
Malicious site:
xbank.pseudo-flaw.net
Tests:
normal
with @
refresh
subframe
iframe
test-all
test-all (initial ':')
test-all (all ':')
test-all (all ':'), query
frame2
Originally disclosed at: http://sla.ckers.org/forum/read.php?10,20033,20036