hacking security forum

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity

From: Peter Moody <peter@ucsc.edu>
Date: Thu Dec 11 2003 - 16:24:26 CST

On Thu, 2003-12-11 at 12:55, William Warren wrote:
> mozilla 1.6a
>
> http://www.microsoft.com%01@slashdot.org/
> (that is in the address bar) and slashdot comes up in the browser window..

in 1.6b slashdot is downloaded/rendered and
http://www.microsoft.com%01@slashdot.org/
is displayed in the address bar.

-Peter

-- 
Peter Moody                             <peter@ucsc.edu>
Information Security Administrator      831/459.5409
Communications and Technology Services. UC, Santa Cruz.
http://security.ucsc.edu/pgp/peter.moody.pub
:wq

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Received on Thu Dec 11 16:53:07 2003

This archive was generated by hypermail 2.1.8 : Thu Dec 11 2003 - 17:01:01 CST

Custom Search