Full Disclosure mailing list archives
Re: RE: FWD: Internet Explorer URL parsing vulnerability
From: "Clint Bodungen" <clint () secureconsulting com>
Date: Tue, 9 Dec 2003 15:30:00 -0600
Well, using a straight link like the following works in an HTML email... but not on a web page:

<a href="http://www.microsoft.com%01 () www linux org">Microsoft</a>

However, using this approach still allows the user to see the absolute URL path in the task bar (with the %01 omitted). On the other hand... using the button and "unescape()" approach such as the original example from this thread works from a web page but not from an HTML email.

----- Original Message -----
From: "S G Masood" <sgmasood () yahoo com>
To: "Exibar" <exibar () thelair com>; <full-disclosure () lists netsys com>
Sent: Tuesday, December 09, 2003 1:00 PM
Subject: Re: [Full-disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

--- Exibar <exibar () thelair com> wrote:

my favorite will be this one that I'm sure will circulate:
http://www.microsoft.com%01 () www linux org
:-)

http://www.microsoft.com%01 () www linux org won't work until you unescape('http://www.microsoft.com%01 () www linux org');

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
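
A defensive check for the link form discussed in this message, as an added example that is not part of the original post or thread: it parses each href with the WHATWG URL parser and reports links whose userinfo part contains an escaped control character or looks like a hostname, together with the host the request would actually go to. The function names and the sample hosts are assumptions made for the illustration.

```javascript
// Added example: flag links whose userinfo (the part before "@") can hide
// the real host. Sample URLs are constructed; *.example hosts are placeholders.
const CONTROL_ESCAPE = /%(?:[01][0-9a-f]|7f)/i;     // %00-%1F and %7F
const HOSTLIKE = /^[a-z0-9-]+(?:\.[a-z0-9-]+)+/i;   // userinfo that starts like a DNS name

function inspectHref(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return null;                                    // relative or unparsable: nothing to compare
  }
  if (!/^https?:$/.test(url.protocol) || url.username === "") return null;

  // The WHATWG URL parser percent-encodes raw control characters in userinfo,
  // so a literal \x01 and a written "%01" both appear here as "%01".
  const reasons = [];
  if (CONTROL_ESCAPE.test(url.username + url.password)) reasons.push("control-char-in-userinfo");
  if (HOSTLIKE.test(url.username)) reasons.push("hostname-like-userinfo");
  if (reasons.length === 0) return null;

  const apparent = url.username.match(HOSTLIKE);
  return { href, apparentHost: apparent ? apparent[0] : null, realHost: url.hostname, reasons };
}

// Minimal href extraction for the demo; a production filter would use a real
// HTML parser and decode character references first.
function scanHtml(html) {
  const findings = [];
  for (const m of html.matchAll(/\bhref\s*=\s*(["'])(.*?)\1/gis)) {
    const finding = inspectHref(m[2]);
    if (finding) findings.push(finding);
  }
  return findings;
}

// Constructed sample message body (not taken from the thread).
const sampleMail = `
<p>Please <a href="http://www.example.com%01@login.attacker.example/update">sign in</a>.</p>
<p>Docs: <a href="https://www.example.com/docs">here</a></p>
<p>Mirror: <a href='http://www.example.com\x01@login.attacker.example/'>here</a></p>`;

for (const f of scanHtml(sampleMail)) {
  console.log(`${f.apparentHost} -> ${f.realHost} [${f.reasons.join(", ")}]`);
}
```

A mail gateway or proxy can run this kind of comparison on message bodies and rewrite or quarantine any link where the apparent host and the real host differ.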