RE: [Full-Disclosure] Locking up Internet Explorer

From: Thor Larholm (thor_at_pivx.com)
Date: 05/12/04

Next message: Alexander Gretencord: "Re: [Full-Disclosure] leaking"

Previous message: Frank Knobbe: "RE: [Full-Disclosure] Avoiding traceability (was: Calculating Loss)"
Maybe in reply to: godwulf_at_gmx.net: "[Full-Disclosure] Locking up Internet Explorer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <godwulf@gmx.net>, <full-disclosure@lists.netsys.com>
Date: Wed, 12 May 2004 10:43:34 -0700

Any link in the form of //something has the current protocol prepended to it. If you are on a HTTP site such as http://microsoft.com and click on a link to //msdn.microsoft.com you are in reality making a request for http://msdn.microsoft.com

/. used to use these links all over the place, to save some bytes I guess.

The results by clicking on your link to //test/test depends on the security zone you are in. If you are in the Internet Zone you will be asking for http://test/test , if you are in the My Computer zone you will be asking for file://test/test which gets translated into \\test\test.

Regards
Thor

        -----Original Message-----
        From: godwulf@gmx.net [mailto:godwulf@gmx.net]
        Sent: Tue 5/11/2004 9:08 AM
        To: full-disclosure@lists.netsys.com
        Cc:
        Subject: [Full-Disclosure] Locking up Internet Explorer

        The following code creates a link that causes Microsoft Internet Explorer to
        lock up. Restarting IE is required after clicking on the link.

        <A HREF="//test/test">Lock up Internet Explorer</A>

        The form of the link just has to be //*/* as far as I tried it. The IE
        version I used was 6.0.2800.1106.xpsp2.030422-1633CO.

        CYA

        --
        "Sie haben neue Mails!" - Die GMX Toolbar informiert Sie beim Surfen!
        Jetzt aktivieren unter http://www.gmx.net/info

        _______________________________________________
        Full-Disclosure - We believe in it.
        Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Alexander Gretencord: "Re: [Full-Disclosure] leaking"

Previous message: Frank Knobbe: "RE: [Full-Disclosure] Avoiding traceability (was: Calculating Loss)"
Maybe in reply to: godwulf_at_gmx.net: "[Full-Disclosure] Locking up Internet Explorer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]