[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
From: Jeremiah Cornelius <jeremiah@nur.net>
Date: Tue, 9 Dec 2003 12:56:41 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 09 December 2003 06:16, S . f . Stover wrote:
> On 09 Dec 03 10:22:59AM S G Masood[sgmasood@yahoo.com] wrote:
> : ># POC ##########
> : >http://www.zapthedingbat.com/security/ex01/vun1.htm
>
> Interestingly enough, MSIE for OS X doesn't display this behavior.  My
> address bar contained this URL:
>
> http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm

Funny.  Works in Konqueror under KDE on Linux and xBSD.  This is CVS HEAD from 
early November - just before the KDE 3.2 Beta 2 tag.

Screenie attached as .png

- --Jeremiah
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/1jcSJi2cv3XsiSARAm7rAKDfjAeQOGgBGiMOkFMa9icoALAtIgCeLxLo
q+pdvLQYt1FCPkTX3eOsQz8=
=aUtf
-----END PGP SIGNATURE-----

Attachment: funny-konq-ms.png
Description: PNG image

References:
- [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
  - From: S G Masood <sgmasood@yahoo.com>
- Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
  - From: "S . f . Stover" <attica@stackheap.org>

Prev by Date: [Full-Disclosure] Re: Yahoo Instant Messenger YAUTO.DLL buffer overflow
Next by Date: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Previous by thread: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Next by thread: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread