
Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

From: Jeremiah Cornelius <jeremiah@nur.net>
Date: Tue Dec 09 2003 - 14:56:41 CST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 09 December 2003 06:16, S . f . Stover wrote:
> On 09 Dec 03 10:22:59AM S G Masood[sgmasood@yahoo.com] wrote:
> : ># POC ##########
> : >http://www.zapthedingbat.com/security/ex01/vun1.htm
>
> Interestingly enough, MSIE for OS X doesn't display this behavior. My
> address bar contained this URL:
>
> http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm

Funny. Works in Konqueror under KDE on Linux and xBSD. This is CVS HEAD from
early November - just before the KDE 3.2 Beta 2 tag.

Screenie attached as .png

- --Jeremiah
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/1jcSJi2cv3XsiSARAm7rAKDfjAeQOGgBGiMOkFMa9icoALAtIgCeLxLo
q+pdvLQYt1FCPkTX3eOsQz8=
=aUtf
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

funny-konq-ms.png
Received on Tue Dec 09 19:12:47 2003
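
Added example, not part of the original post: a defensive check for the URL form quoted in the message above. It reports the host a URL actually points to and flags userinfo (the text before `@`) that hides encoded control characters or reads like a hostname. `inspectUrl`, the finding names and the third sample URL are hypothetical; the parser is the standard `URL` class in Node.js and browsers.

```javascript
// Added example: names below are illustrative, not from the thread.
// In a URL authority, everything before "@" is userinfo; the host follows it.

const CONTROL = /[\u0000-\u001f\u007f]/g;          // C0 controls and DEL
const HOSTLIKE = /^([a-z0-9-]+\.)+[a-z]{2,}$/;     // rough DNS-name shape

function inspectUrl(raw) {
  const u = new URL(raw);                          // throws on unparsable input
  let userinfo = u.username;
  if (u.password) userinfo += ":" + u.password;

  // Decode %XX escapes so bytes hidden as %01, %00, ... become visible.
  let decoded;
  try {
    decoded = decodeURIComponent(userinfo);
  } catch (e) {
    decoded = userinfo;                            // malformed escape: keep raw form
  }

  const findings = [];
  if (userinfo !== "") findings.push("has-userinfo");
  if (decoded.search(CONTROL) !== -1) findings.push("control-char-in-userinfo");

  // Userinfo that reads like a DNS name other than the real host is a lookalike.
  const printable = decoded.replace(CONTROL, "").split(":")[0].toLowerCase();
  if (HOSTLIKE.test(printable) && printable !== u.hostname) {
    findings.push("userinfo-looks-like-host");
  }
  return { host: u.hostname, userinfo, findings };
}

// Sample inputs: the first two are the URLs quoted in the thread,
// the third is constructed for contrast.
const SAMPLES = [
  "http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm",
  "http://www.zapthedingbat.com/security/ex01/vun1.htm",
  "http://user@example.com/",
];

for (const s of SAMPLES) {
  const r = inspectUrl(s);
  console.log(r.host, JSON.stringify(r.userinfo), r.findings.join(",") || "clean");
}
```

A mail filter or proxy can log or block on `control-char-in-userinfo` and `userinfo-looks-like-host`, and a UI can show only `host` when either finding is present.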

This archive was generated by hypermail 2.1.8 : Tue Dec 09 2003 - 20:01:01 CST
