[Full-Disclosure] python does mangleme (with IE bugs!)

From: ned (nd_at_felinemenace.org)
Date: 10/24/04

  • Next message: Daniel Veditz: "Re: [Full-Disclosure] Update: Web browsers - a mini-farce (MSIE gives in)" 
    To: bugtraq@securityfocus.com
Date: Sat, 23 Oct 2004 21:36:32 -0700 (PDT)

    i've made a port of mangleme:
    http://felinemenace.org/~nd/htmler.py
    with a few extra quirks (such as file extentions/url types)

    it finds IE bugs after roughly 2.5 -> 3 hours and they are at:
    http://felinemenace.org/~nd/crash_ie/

    They are not the null pointer dereference that Michal found (which
    curiously seems to not own my 6.0.2800.1106.xpsp1?) but some other
    probably non-exploitable problems!

    htmler.py doesn't use CGI like mangleme but generates webpages in the
    directory 'html1' numbered 0.html to n.html. 0.html then uses a refresh to
    load 1.html and so on with little user interaction required!

    anyway, if you find bugs with it, don't sell to anyone/notify vendors!
    - nd 

    -- 
http://felinemenace.org/~nd - "eat a duck"
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
  • Next message: Daniel Veditz: "Re: [Full-Disclosure] Update: Web browsers - a mini-farce (MSIE gives in)"

    Relevant Pages

    • python does mangleme (with IE bugs!)
      ... with a few extra quirks (such as file extentions/url types) ... They are not the null pointer dereference that Michal found (which ... htmler.py doesn't use CGI like mangleme but generates webpages in the ...
      (Bugtraq)
    • python does mangleme (with IE bugs!)
      ... with a few extra quirks (such as file extentions/url types) ... They are not the null pointer dereference that Michal found (which ... htmler.py doesn't use CGI like mangleme but generates webpages in the ...
      (Full-Disclosure)