Vulnerability Development mailing list archives
Re: IE bug (?)
From: syzop <syz () DDS NL>
Date: Tue, 6 Feb 2001 18:39:56 +0100
First of all, I get the same 'result' with %00/ too, I have been sniffing to see what the difference is between (for example) www.chatcity.nl and www.chatcity.nl/%00/, first one gives me a normal page, the %00/ one gives me a blank page with <HTML></HTML> in the source. Here's the dump:

-- http://www.chatcity.nl/ (S=Send, R=Received): --
S> GET / HTTP/1.1
S> Accept: application/msword, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
S> Accept-Language: nl
S> Accept-Encoding: gzip, deflate
S> User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; BCD2000)
S> Host: www.chatcity.nl
S> Connection: Keep-Alive
S> Cookie: ASPSESSIONIDQGGGQQEL=IFPCEBBAAFIAPHNPPOMPDPGP
S>
R> HTTP/1.1 200 OK
R> Server: Microsoft-IIS/4.0
R> Content-Location: http://www.chatcity.nl/Default.htm
R> Date: Tue, 06 Feb 2001 17:15:58 GMT
R> Content-Type: text/html
R> Accept-Ranges: bytes
R> Last-Modified: Fri, 17 Nov 2000 14:21:22 GMT
R> ETag: "05de6a8a150c01:17b4"
R> Content-Length: 822
R>
R> <html>
R> <head><title>Chatcity - Gezellig chatten</title>
etc...

-- http://www.chatcity.nl/%00/ (S=Send, R=Received): --
S> GET /%00/ HTTP/1.1
S> Accept: */*
S> Accept-Language: nl
S> Accept-Encoding: gzip, deflate
S> User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; BCD2000)
S> Host: www.chatcity.nl
S> Connection: Keep-Alive
S> Cookie: ASPSESSIONIDQGGGQQEL=IFPCEBBAAFIAPHNPPOMPDPGP
S>
R> HTTP/1.1 200 OK
R> Server: Microsoft-IIS/4.0
R> Content-Location: http://www.chatcity.nl/Default.htm
R> Date: Tue, 06 Feb 2001 17:30:49 GMT
R> Content-Type: text/html
R> Accept-Ranges: bytes
R> Last-Modified: Fri, 17 Nov 2000 14:21:22 GMT
R> ETag: "05de6a8a150c01:17b4"
R> Content-Length: 822
R>
R> <html>
R> <head><title>Chatcity - Gezellig chatten</title>
etc..

I don't see any difference (ok, apart from the date) in the headers & data the server returns, strange... guess it's indeed a browser bug or so...

I got the same results on both netscape and iexplore, but with lynx I just get the normal page even with the %00/ or %00+-/. I guess the IIS servers just return a normal page when you add %00/, and the other servers (or at least some/most of them) give an error.

Cya
Syz.

Sardañons, Eliel wrote:
http://www.farmaciastodas.com.ar/%00+-/
http://www.microsoft.com/%00+-/
"%00+-/"

I have been trying to know the nature of this bug, but I couldn't find anything ... I think (I'm sure) that this is an IE bug, but it doesn't work in all the http servers, I have seen that it only works in IIS and, only sometimes. If you can help me. Thanks.

Eliel C. Sardañons
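
The comparison syzop describes, as an added example that is not part of the original posts: a small Python parser for the S>/R> dump format that diffs the two captures header by header. The captures are transcribed from the message with the request headers abridged, and the function names are this example's own.

```python
# Constructed from the post's two captures: requests abridged to Accept, bodies cut.
ROOT = """S> GET / HTTP/1.1
S> Accept: application/msword, image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
R> HTTP/1.1 200 OK
R> Server: Microsoft-IIS/4.0
R> Content-Location: http://www.chatcity.nl/Default.htm
R> Date: Tue, 06 Feb 2001 17:15:58 GMT
R> Content-Type: text/html
R> Accept-Ranges: bytes
R> Last-Modified: Fri, 17 Nov 2000 14:21:22 GMT
R> ETag: "05de6a8a150c01:17b4"
R> Content-Length: 822
R>
R> <html>"""
NUL = """S> GET /%00/ HTTP/1.1
S> Accept: */*
R> HTTP/1.1 200 OK
R> Server: Microsoft-IIS/4.0
R> Content-Location: http://www.chatcity.nl/Default.htm
R> Date: Tue, 06 Feb 2001 17:30:49 GMT
R> Content-Type: text/html
R> Accept-Ranges: bytes
R> Last-Modified: Fri, 17 Nov 2000 14:21:22 GMT
R> ETag: "05de6a8a150c01:17b4"
R> Content-Length: 822
R>
R> <html>"""

def parse_capture(dump):
    """Parse an S>/R> dump into {'S': [start_line, headers], 'R': [...]}."""
    out, in_body = {"S": ["", {}], "R": ["", {}]}, set()
    for raw in dump.splitlines():
        tag, text = raw[:1], raw[2:].strip()
        if raw[1:2] != ">" or tag not in out or tag in in_body:
            continue
        if not text:                 # bare "R>" line: headers end, body follows
            in_body.add(tag)
        elif not out[tag][0]:        # first line is the request/status line
            out[tag][0] = text
        else:
            name, _, value = text.partition(":")
            out[tag][1][name.strip().lower()] = value.strip()
    return out

def differing(a, b, side):
    """Sorted header names on one side ('S' or 'R') whose values differ."""
    ha, hb = a[side][1], b[side][1]
    return sorted(k for k in ha.keys() | hb.keys() if ha.get(k) != hb.get(k))

if __name__ == "__main__":
    print(differing(parse_capture(ROOT), parse_capture(NUL), "R"))
```

On these captures the only response header that differs is Date, and both responses carry the same status line and the same Content-Location.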