Vulnerability Development mailing list archives
Re: New thoughts on CSS
From: Blue Boar <BlueBoar () thievco com>
Date: Fri, 01 Feb 2002 19:05:13 -0800
Matt Dickinson wrote:
I saw this recently in a newsgroup, I can't believe it's real, and found no mention when browsing the news sections on either of the company websites. Isn't this a good example?=- Manolo -=| wrote:http://www.microsoft.com&item%3Dq209354@212.254.206.213/1338825GHU_98.as p
That's a different class of problem. As some have already advised, you need to RTFM: http://www.microsoft.com&item=q209354 () hardware no/nyheter/feb01/Q209354%20-%20HOWTO.htm :) The @ is a delimiter between the authentication info, and the rest of the URL. An easier to understand example is http://username:password () www example com This kind of confusion is probably just as effective as a good CSS attack, perhaps even more so. Ever wonder how they got www. () stake com, when @ isn't a legal DNS character? BB
Current thread:
- RE: CSS, CSS & let me give you some more CSS Obscure (Jan 31)
- <Possible follow-ups>
- RE: CSS, CSS & let me give you some more CSS info (Feb 01)
- Re: CSS, CSS & let me give you some more CSS Bill Pennington (Feb 01)
- Re: CSS, CSS & let me give you some more CSS E M (Feb 01)
- Re: CSS, CSS & let me give you some more CSS Sverre H. Huseby (Feb 01)
- New thoughts on CSS Brett Moore (Feb 01)
- RE: New thoughts on CSS Matt Dickinson (Feb 01)
- RE: New thoughts on CSS jon schatz (Feb 01)
- Re: New thoughts on CSS Blue Boar (Feb 01)
- Re: New thoughts on CSS Jonas M Luster (Feb 03)
- RE: New thoughts on CSS other (Feb 02)
- Re: CSS, CSS & let me give you some more CSS Blake Frantz (Feb 01)
- Re: CSS, CSS & let me give you some more CSS Andre Mariƫn (Feb 04)
- RE: CSS, CSS & let me give you some more CSS Brian McWilliams (Feb 01)
- RE: CSS, CSS & let me give you some more CSS Marc Slemko (Feb 01)
- RE: CSS, CSS & let me give you some more CSS - phinegeek - (Feb 02)