Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

From: Exibar (exibar_at_thelair.com)
Date: 12/10/03

  • Next message: William Warren: "Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability"
    To: "VeNoMouS" <venom@gen-x.co.nz>, "S G Masood" <sgmasood@yahoo.com>, <full-disclosure@lists.netsys.com>
    Date: Wed, 10 Dec 2003 10:53:15 -0500
    
    

    ummm, it doesn't seem that is the case. the entire reason for the %01@ is
    to hide the name of the site that you're actually on. In my example of
    www.microsoft.com%01@www.linux.org if you click on that link, then look in
    the address bar, it looks like you're on www.microsoft.com but you're really
    on www.linux.org .

       that is what's stated in the original post.

      Exibar

    ----- Original Message -----
    From: "VeNoMouS" <venom@gen-x.co.nz>
    To: "S G Masood" <sgmasood@yahoo.com>; <full-disclosure@lists.netsys.com>
    Sent: Wednesday, December 10, 2003 3:27 AM
    Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
    vulnerability

    > pft sif i read the orignal posts
    > ----- Original Message -----
    > From: "S G Masood" <sgmasood@yahoo.com>
    > To: <full-disclosure@lists.netsys.com>
    > Sent: Wednesday, December 10, 2003 8:06 PM
    > Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
    > vulnerability
    >
    >
    > >
    > > --- VeNoMouS <venom@gen-x.co.nz> wrote:
    > >
    > > >umm tested this you dont need %01
    > > > either btw.
    > > >
    > > > www.microsoft.com@www.linux.org
    > >
    > >
    > > What is your point? Have you read the original post?
    > >
    > >
    > > Apart from this, does anyone have a "lowlevel"
    > > explanation why the %01 trick works?
    > >
    > >
    > > --
    > > iNt27~
    > >
    > >
    > >
    > >
    > >
    > > __________________________________
    > > Do you Yahoo!?
    > > Free Pop-Up Blocker - Get it now
    > > http://companion.yahoo.com/
    > >
    > > _______________________________________________
    > > Full-Disclosure - We believe in it.
    > > Charter: http://lists.netsys.com/full-disclosure-charter.html
    > >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: William Warren: "Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability"