Posted by Ben Lincoln (F7EFC8C9 – FD) on Feb 04

So here’s a possibly stupid question: is this entirely an IE flaw, or is
it tied to the use of Cloudflare by the targeted site as well as the
attacking site?

I ask because:

1 – I tried to reproduce the attack in a number of ways without using
CloudFlare, and was unsuccessful.
2 – Since I don’t have access to a CloudFlare account, I used Burp to do
a find/replace for proxied response headers and bodies on…