hacking security forum

Re: [Full-Disclosure] IE 0x01 Byte URL Spoofing Vulnerability[Scriptless PoC Exploit & Additional Details]

From: Piotr Bulczak <piotr.bulczak@pl.abb.com>
Date: Sat Dec 13 2003 - 05:08:47 CST

> 2. SCRIPTING is NOT NECESSARY to exploit this vulnerability.
> A hex editor can be used to embed the 0x01 byte. See the attached
exploit.

Why hex editor? Just put  code instead.

cheers,
Piotr

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Sat Dec 13 10:08:17 2003

This message: [ Message body ]
Next message: Michael Gale: "Re: [Full-Disclosure] A new TCP/IP blind data injection technique?"
Previous message: Bill Royds: "RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity"
In reply to: S G Masood: "[Full-Disclosure] IE 0x01 Byte URL Spoofing Vulnerability[Scriptless PoC Exploit & Additional Details]"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sat Dec 13 2003 - 11:01:01 CST

Custom Search