Vulnerability Development mailing list archives
Re: /instmsg/alias/annoying_web_logs ;)
From: Dave Aitel <dave () immunitysec com>
Date: 15 Oct 2002 10:09:00 -0400
Exchange and MSN Messanger are the top leads so far. :> Someone install MSN Messanger and find out! (Doesn't ANYONE run that thing?) :> -dave On Tue, 2002-10-15 at 10:05, zeno wrote:
I get billions of these things too, its part of some MSN groups/chat thing, essentially it takes requests the "alias" of the email address (dave () immunitysec com => /instmsg/alias/dave). Might be fun to send backThese things are damn annoying. I get probably 5 of these a day and 1 person keeps checking me every few hours.some looooong responses ;) My favorites are all the ones that originate from microsoft "tide" addresses... They send me some funny referrers from their intranet servers once in a while too.Ha.--- "Immunity also gets a lot of requests for /instmsg/alias/dave, which doesn't exist. I'm curious what web client plugin causes this behavior. And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and other FrontPage-style requests. Somewhere here I smell an exploitable client-side vulnerability." ---I'm curious do we know this is MSN messanger? Anybody else know if AIM or another client sends these requests? - zeno
-- Dave Aitel <dave () immunitysec com> Immunity, Inc
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- RE: CROSS SITE-SCRIPTING Protection with PHP, (continued)
- RE: CROSS SITE-SCRIPTING Protection with PHP Rob Shein (Oct 14)
- Re: CROSS SITE-SCRIPTING Protection with PHP Sverre H. Huseby (Oct 14)
- Re: CROSS SITE-SCRIPTING Protection with PHP Sverre H. Huseby (Oct 14)
- Re: CROSS SITE-SCRIPTING Protection with PHP Valdis . Kletnieks (Oct 14)
- Re: CROSS SITE-SCRIPTING Protection with PHP Dan Kaminsky (Oct 14)
- Hashes,File protection,etc Dave Aitel (Oct 14)
- Re: Hashes,File protection,etc Dan Kaminsky (Oct 14)
- Re: Hashes,File protection,etc Dave Aitel (Oct 14)
- /instmsg/alias/annoying_web_logs ;) H D Moore (Oct 15)
- Re: /instmsg/alias/annoying_web_logs ;) zeno (Oct 15)
- Re: /instmsg/alias/annoying_web_logs ;) Dave Aitel (Oct 15)
- Re: /instmsg/alias/annoying_web_logs ;) zeno (Oct 15)
- RE: /instmsg/alias/annoying_web_logs ;) Elan Hasson (Oct 15)
- RE: /instmsg/alias/annoying_web_logs ;) Dave Aitel (Oct 16)
- Re: /instmsg/alias/annoying_web_logs ;) zeno (Oct 16)
- Re: /instmsg/alias/annoying_web_logs ;) Chip McClure (Oct 15)
- RE: /instmsg/alias/annoying_web_logs ;) Shawn K. Hall (RA/Security) (Oct 20)
- Re: Hashes,File protection,etc Tony (Oct 15)
- Re: Hashes,File protection,etc Roland Postle (Oct 15)
- Re: Hashes,File protection,etc Valdis . Kletnieks (Oct 15)
- Re: Hashes,File protection,etc Roland Postle (Oct 16)