Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

From: petard (petard_at_freeshell.org)
Date: 12/11/03

  • Next message: David Vincent: "RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity"
    To: "Funk Jr, Joseph C." <jcfunkjr@co.bucks.pa.us>
    Date: Thu, 11 Dec 2003 16:38:19 +0000
    
    

    On Thu, Dec 11, 2003 at 10:26:06AM -0500, Funk Jr, Joseph C. wrote:
    > Works fine for me same version IE6.0.2800.1106.xpsp2. Sends me to https://paypal.com Although I did notice that the <button> seems to be a requirement for this vulnerability to work, as using a plain hyperlink <a href> fails for me.
    >
    Try this one:
    http://petard.freeshell.org/ms-announce.html

    regards,
    petard

    --
    If your message really might be confidential, download my PGP key here:
    http://petard.freeshell.org/petard.asc
    and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
    

  • Next message: David Vincent: "RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity"