Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
From: S . f . Stover <attica@stackheap.org>
Date: Tue Dec 09 2003 - 08:16:25 CST
Received on Tue Dec 09 13:35:27 2003
Date: Tue Dec 09 2003 - 08:16:25 CST
On 09 Dec 03 10:22:59AM S G Masood[sgmasood@yahoo.com] wrote:
: ># POC ##########
: >http://www.zapthedingbat.com/security/ex01/vun1.htm
:
Interestingly enough, MSIE for OS X doesn't display this behavior. My address
bar contained this URL:
http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm
-- aka Dolph Longhorn GPG Key ID: 0xF8F859D0 http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index "There is no such thing as right and wrong, there's just popular opinion." -Jeffrey Goines
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- application/pgp-signature attachment: stored
This archive was generated by hypermail 2.1.8 : Tue Dec 09 2003 - 14:01:01 CST
Custom Search
