greek characters buffer overflow, AGAIN!
From: MegaHz (admin@cyhackportal.com)Date: 04/16/02
- Previous message: david evlis reign: "Oracle Databases Allow HTML/SQL injection"
- Next in thread: TanaydIn 'HuzursuZ' $irin: "Re: [VulnWatch] greek characters buffer overflow, AGAIN!"
- Reply: TanaydIn 'HuzursuZ' $irin: "Re: [VulnWatch] greek characters buffer overflow, AGAIN!"
- Reply: xfesty: "Re: greek characters buffer overflow, AGAIN!"
- Reply: Thor Larholm: "RE: greek characters buffer overflow, AGAIN!"
- Reply: DarkeFire: "Re: [VulnWatch] greek characters buffer overflow, AGAIN!"
- Reply: Dustin E. Childers: "Re: greek characters buffer overflow, AGAIN!"
- Reply: muchar78@wp.pl: "Re: greek characters buffer overflow, AGAIN!"
- Reply: MegaHz: "Re: greek characters buffer overflow, AGAIN!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: vuln-dev@securityfocus.com, bugtraq@securityfocus.com, vulnwatch@vulnwatch.org From: "MegaHz" <admin@cyhackportal.com> Date: Tue, 16 Apr 2002 10:40:06 +0100
One year ago I discovered a buffer overflow in the address bar of IE 5.0 using greek characters, look at:
http://www.cyhackportal.com/modules.php?name=News&file=article&sid=81
Today I discover this:
http://www.bestbuy.com.cy/cgi-bin/buy.storefront/<<<áx1388>>>/Product/View/CMPL_00_GDXbox
(do not use: <<<,>>>)
and yes, Internet explorer, exited by itself. Very strange. I don't know why, pls try that
I uploaded here a sample html,
http://megahz.cyhackportal.com/hey.html
I test it out on 3 pcs I have at my work, but there was only one that seemed to have the bug, and resolve on closing the IE.
maybe is bestbuy's problem, and the software they use,
the original url was:
http://www.bestbuy.com.cy/cgi-bin/buy.storefront/3cbbef7d0794c70e27a4c30e950106f2/Product/View/CMPL_00_GDXbox
maybe is storefronts problem...
pls test it out, and let me know,
Thank you,
/*
* Andreas Constantinides (MegaHz)
* http://www.cyhackportal.com
*
*/
- Previous message: david evlis reign: "Oracle Databases Allow HTML/SQL injection"
- Next in thread: TanaydIn 'HuzursuZ' $irin: "Re: [VulnWatch] greek characters buffer overflow, AGAIN!"
- Reply: TanaydIn 'HuzursuZ' $irin: "Re: [VulnWatch] greek characters buffer overflow, AGAIN!"
- Reply: xfesty: "Re: greek characters buffer overflow, AGAIN!"
- Reply: Thor Larholm: "RE: greek characters buffer overflow, AGAIN!"
- Reply: DarkeFire: "Re: [VulnWatch] greek characters buffer overflow, AGAIN!"
- Reply: Dustin E. Childers: "Re: greek characters buffer overflow, AGAIN!"
- Reply: muchar78@wp.pl: "Re: greek characters buffer overflow, AGAIN!"
- Reply: MegaHz: "Re: greek characters buffer overflow, AGAIN!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
