Full Disclosure mailing list archives
RE: Re: Internet Explorer URL parsing vulnerability
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 11 Dec 2003 12:22:04 -0600
On Thu, 2003-12-11 at 11:22, David Vincent wrote:
Try this one: http://petard.freeshell.org/ms-announce.html

displayed as "http://www.microsoft.com%01@slashdot.org/" in the latest Firebird 0.7+ nightly.
In addition, Galeon and Epiphany display it like that. No user account warning as with Opera though.

displayed as "http://www.microsoft.com@slashdot.org/" in Opera 7.23 AFTER getting a warning about going to an URL which includes a username.
displayed as "http://www.microsoft.com@slashdot.org/" in Avant Browser 8.02 Build 207
displayed as "http://www.microsoft.com" in IE 6.0.2800.1106
all are on W2k Pro SP4 et al.
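
Added example, not part of the original message or of any browser's code: a Python check that a mail or proxy filter could apply to links of the kind discussed in this thread. It reports the host that is actually contacted and flags a userinfo part that looks like a hostname or carries a control character such as %01; the name audit_url and the finding labels are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, unquote

# A userinfo part that starts like a DNS name, e.g. "www.microsoft.com".
HOSTLIKE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+", re.IGNORECASE)


def audit_url(url):
    """Return (real_host, findings) for a URL.

    real_host is the host after the last "@" in the authority, i.e. the
    one actually contacted; findings lists reasons the link may mislead.
    """
    parts = urlsplit(url)
    findings = []
    userinfo, at, _hostport = parts.netloc.rpartition("@")
    if at:
        findings.append("userinfo-present")
        decoded = unquote(userinfo)
        # Percent-encoded control characters (such as %01) in the userinfo.
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in decoded):
            findings.append("control-char-in-userinfo")
        if HOSTLIKE.match(decoded):
            findings.append("userinfo-looks-like-hostname")
    return parts.hostname, findings


if __name__ == "__main__":
    # Sample input: the two URL forms quoted in this thread plus a plain one.
    samples = [
        "http://www.microsoft.com%01@slashdot.org/",
        "http://www.microsoft.com@slashdot.org/",
        "http://www.microsoft.com/",
    ]
    for s in samples:
        host, why = audit_url(s)
        print(f"{s!r}: real host {host}, findings: {why or 'none'}")
```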