hacking security forum

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity

From: Frank Knobbe <frank@knobbe.us>
Date: Thu Dec 11 2003 - 12:22:04 CST

On Thu, 2003-12-11 at 11:22, David Vincent wrote:
> > Try this one:
> > http://petard.freeshell.org/ms-announce.html
>
> displayed as "http://www.microsoft.com%01@slashdot.org/" in the latest
> Firebird 0.7+ nightly.

In addition, Galeon and Ephinany display it like that. No user account
warning as with Opera though.

>
> displayed as "http://www.microsoft.com@slashdot.org/" in Opera 7.23 AFTER
> getting a warning about going to an URL which includes a username.
>
> displayed as "http://www.microsoft.com@slashdot.org/" in Avant Browser 8.02
> Build 207
>
> displayed as "http://www.microsoft.com" in IE 6.0.2800.1106
>
> all are on W2k Pro SP4 et al.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Received on Thu Dec 11 12:41:51 2003

This archive was generated by hypermail 2.1.8 : Thu Dec 11 2003 - 13:01:01 CST

Custom Search