Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

From: Exibar (exibar_at_thelair.com)
Date: 12/10/03

  • Next message: William Warren: "Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability"
    To: "VeNoMouS" <venom@gen-x.co.nz>, "S G Masood" <sgmasood@yahoo.com>, <full-disclosure@lists.netsys.com>
    Date: Wed, 10 Dec 2003 10:53:15 -0500
    
    

    Ummm, it doesn't seem that is the case. The entire reason for the %01@ is
    to hide the name of the site that you're actually on. In my example of
    www.microsoft.com%01@www.linux.org if you click on that link, then look in
    the address bar, it looks like you're on www.microsoft.com but you're really
    on www.linux.org .

       That is what's stated in the original post.

      Exibar

    ----- Original Message -----
    From: "VeNoMouS" <venom@gen-x.co.nz>
    To: "S G Masood" <sgmasood@yahoo.com>; <full-disclosure@lists.netsys.com>
    Sent: Wednesday, December 10, 2003 3:27 AM
    Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
    vulnerability

    > pft sif I read the original posts
    > ----- Original Message -----
    > From: "S G Masood" <sgmasood@yahoo.com>
    > To: <full-disclosure@lists.netsys.com>
    > Sent: Wednesday, December 10, 2003 8:06 PM
    > Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
    > vulnerability
    >
    >
    > >
    > > --- VeNoMouS <venom@gen-x.co.nz> wrote:
    > >
    > > > umm tested this you don't need %01
    > > > either btw.
    > > >
    > > > www.microsoft.com@www.linux.org
    > >
    > >
    > > What is your point? Have you read the original post?
    > >
    > >
    > > Apart from this, does anyone have a "lowlevel"
    > > explanation why the %01 trick works?
    > >
    > >
    > > --
    > > iNt27~
    > >
    > > _______________________________________________
    > > Full-Disclosure - We believe in it.
    > > Charter: http://lists.netsys.com/full-disclosure-charter.html
    > >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
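
Added example, not part of the original message or thread: a link check a mail gateway or proxy could apply to the two forms discussed above (www.microsoft.com%01@www.linux.org and the plain www.microsoft.com@www.linux.org), reporting the host that is really contacted and flagging a userinfo part that carries an encoded control character or looks like a hostname. The function name, finding labels and the last two sample links are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, unquote

# A userinfo value shaped like a DNS name is the decoy in the thread's links.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def is_control(ch):
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def inspect_link(link):
    """Return (real_host, findings) for one link (hypothetical helper)."""
    if "://" not in link:
        link = "http://" + link  # the thread writes its links without a scheme
    parts = urlsplit(link)
    host = parts.hostname  # what follows the last '@' in the authority
    findings = []
    if "@" not in parts.netloc:
        return host, findings  # an '@' in the path or query is not userinfo
    findings.append("userinfo-present")
    userinfo = unquote(parts.netloc.rpartition("@")[0])  # %01 -> '\x01'
    if any(is_control(c) for c in userinfo):
        findings.append("control-char-in-userinfo")
    # Drop control characters and any ':password' before the shape test.
    name = "".join(c for c in userinfo.split(":", 1)[0] if not is_control(c))
    if HOSTLIKE.match(name) and name.lower() != host:
        findings.append("userinfo-looks-like-host")
    return host, findings


# First two links are the ones quoted in the thread; the rest are constructed.
SAMPLES = [
    "www.microsoft.com%01@www.linux.org",
    "www.microsoft.com@www.linux.org",
    "http://www.linux.org/index.html",
    "http://example.org/@someone",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        real_host, flags = inspect_link(sample)
        print(f"{sample!r}: real host {real_host}, findings {flags}")
```
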

