"netscape navigator" is cracked.

From: Liu Die Yu (liudieyuinchina_at_yahoo.com.cn)
Date: 04/29/03

  • Next message: J.'LoneWolf' Mattsson: "RE: Windows Server 2003 Security Guide available" 
    Date: 29 Apr 2003 09:12:43 -0000
To: bugtraq@securityfocus.com
    ('binary' encoding is not supported, stored as-is)

    ##################
    #
    # Readers' Favorite - Make Notes in Your Browser today!
    # http://liudieyuinchina.vip.sina.com/domex/aPoP/
    # http://domex.int.tc/
    #
    ##################

    "netscape navigator" is cracked.
    ("that's all" is end of file if you are in a hurry)

    [tested]
    OS:Windows Server 2003 Enterprise
    Browser: "Netscape Navigator 7.02"
    "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.0.2) Gecko/20030208
    Netscape/7.02 "

    [demo]
    at
    http://liudieyuinchina.vip.sina.com/DomainDot/DomainDot-MyPage.htm
    or
    http://umbrella.mx.tc ==> "DomainDot-MyPage" section

    [screenshot]
    at
    http://liudieyuinchina.vip.sina.com/DomainDot/DomainDot-Screenshot.htm
    or
    http://umbrella.mx.tc ==> "DomainDot-Screenshot" section

    [exp]
    URL "http://[Domain]./[DirectoryName]/[FileName]"(one more dot
    after "[Domain]") will actually navigate your browser to:
    "http://[Domain]/[DirectoryName]/[FileName]".
    then "document.domain" is "[Domain]."(one more dot in "document.domain").

    try to execute javascript:
    [CODE.JAVASCRIPT]document.domain=""

    after being set to an empty string, document.domain is auto-caculated to
    be [DirectoryName].
    of course, "[DirectoryName]" can be "www.paypal.com", but you still cannot
    access document at "www.paypal.com" by just having "www.paypal.com"
    as "document.domain".

    now, you make "document.domain" to be "w.www.paypal.com", then set it
    to "www.paypal.com".
    you can access document at "www.paypal.com" now.

    that's all.

    [how]
    do you still remember "IE dot bug"?
    ( http://online.securityfocus.com/archive/1/273168/2002-05-18/2002-05-
    24/0 )

    they are so similar, aren't they?

    [gean]
    i hope you'll get well soon!

    [people]
    wish you all a nice day!

    greetings to:
    Sandblad(the guy who found "IE dot bug"), "the Pull", dror(
    http://www.drorshalev.com/ ), bin, gean, dross and iainm.

    ##################
    #
    # Readers' Favorite - Make Notes in Your Browser today!
    # http://liudieyuinchina.vip.sina.com/domex/aPoP/
    # http://domex.int.tc/
    #
    ##################

    -----
    all mentioned stuff can always be found at:
    Umbrella: MaX TeCh

    http://umbrella.mx.tc

  • Next message: J.'LoneWolf' Mattsson: "RE: Windows Server 2003 Security Guide available"

    Relevant Pages

    • Re: Personals Site - designer needed.
      ... >> 'readers' can interpret Windows based sites quite well now. ... >international w3c standards. ... >> attempted to access the site using Lynx. ... >> compliance with a 'rare' text browser would be worthwhile. ...
      (uk.people.disability)
    • Re: Hello !!
      ... Please set your browser to line wrap at 72 characters. ... use the following Newsgroups line: ... You conserve resources on NNTP servers, and other readers ...
      (comp.security.misc)
    • Re: Google Groups lagging again....
      ... about OFPs posts. ... In my browser there's a button: idiots on / idiots off. ... I have different files in different readers. ...
      (alt.sports.baseball.bos-redsox)
    • PDF file with hyperlinks
      ... I've got a pdf file on my website that has hyperlinks to other ... webpages. ... I want readers to be able to view the pdf in a browser BUT ... when they click on a link NOT open the page in the same browser window. ...
      (microsoft.public.excel.misc)
    • Re: DSL connection solved, but a new issue (2wire 2701-hg)!
      ... IP into the URL field of any browser. ... All routers, with the (so ... email to oshea dot j dot j at gmail dot com. ...
      (comp.sys.mac.system)