[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
From: S G Masood <sgmasood@yahoo.com>
Date: Fri, 12 Dec 2003 11:01:24 -0800 (PST)

Hello,

I was expecting that someone would come up with an
explanation as to why the 0x01 trick works. 0x00,
0x0A, 0x0D causing problems would be understandable
but, 0x01 causing problems is somewhat strange. This
is not the first time IE has a problem with the 0x01
byte embedded in the URL:

[1]http://www.guninski.com/read.html
[2]http://www.guninski.com/scrauto.html

Since he discovered these previous issues, maybe
Guninski has an explanation.

--
S.G.Masood


__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
  - From: Georgi Guninski <guninski@guninski.com>

Prev by Date: Re: [Full-Disclosure] Secunia Advisory: URL Spoofing
Next by Date: [Full-Disclosure] Re: A new TCP/IP blind data injection technique?
Previous by thread: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Next by thread: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread