Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

From: S . f . Stover (attica_at_stackheap.org)
Date: 12/09/03

  • Next message: S G Masood: "[Full-Disclosure] FWD: Internet Explorer URL parsing vulnerability"
    To: S G Masood <sgmasood@yahoo.com>
    Date: Tue, 9 Dec 2003 09:16:25 -0500
    
    
    

    On 09 Dec 03 10:22:59AM S G Masood[sgmasood@yahoo.com] wrote:
    : ># POC ##########
    : >http://www.zapthedingbat.com/security/ex01/vun1.htm
    :

    Interestingly enough, MSIE for OS X doesn't display this behavior. My address
    bar contained this URL:

    http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm

    -- 
    aka Dolph Longhorn
    GPG Key ID: 0xF8F859D0
    http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index
    "There is no such thing as right and wrong, there's just popular opinion."
    -Jeffrey Goines
    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html



  • Next message: S G Masood: "[Full-Disclosure] FWD: Internet Explorer URL parsing vulnerability"