Ie6 password input problem
From: Philip Wagenaar (PB.Wagenaar@Chello.NL)Date: 11/19/01
- Previous message: Larry W. Cashdollar: "Re: New bugs discovered!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Philip Wagenaar" <PB.Wagenaar@Chello.NL> To: <vuln-dev@securityfocus.com> Subject: Ie6 password input problem Date: Mon, 19 Nov 2001 04:29:55 +0100 Message-ID: <001201c170aa$78eb43c0$5241bbd4@www>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
This is about IE6 (othersIE versions?) crashing after loading an html
page with a password input field with a value=" " option containing
1,000,000 X's (value option means that it will put that in the field
when you load the page). I have tested this myself with a simple html
file containing maxlength
<INPUT Name="PasswordProvided" Value="xxxxx... Size="1000000"
MAXLENGTH="1000000"> <INPUT Name="PasswordProvided_required"
Type="HIDDEN" Value="You must provide a password.">
Note that I forgot to end the value with ", so size= should be seen
as part of the value in IE6, and the rest should create an
error/warning when loading the page.
I've received several reports of the page loading ok in windows 98,
but that it crashes and consumes 100% cpu in windows2000/winxp (the
page never crashed in win98 but always in win2k/winxp).
I`m not sure what to do with this information. I`m just a computer
science student with a interest in security. Can anyone tell what to
do to test this further? And I would appreciate it if other would try
loading a similar page and mail the result.
Philip Wagenaar
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
iQA/AwUBO/h8ss4JcipDIO8UEQLRaACgvd9eJxclRShJxxp1NiP3r5EWzuoAn0RU
Xw/lLXr087tYGrOvwR84MBHL
=ohSj
-----END PGP SIGNATURE-----
- Previous message: Larry W. Cashdollar: "Re: New bugs discovered!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
