Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

buffer overflow, using greek characters, AGAIN!

From: "MegaHz" <costcon () cytanet com cy>
Date: Wed, 17 Apr 2002 08:40:16 +0300
One year ago I discovered a buffer overflow in the address bar of IE 5.0 using
greek characters, look at:
http://www.cyhackportal.com/modules.php?name=News&file=article&sid=81


Today I discover this:
http://www.bestbuy.com.cy/cgi-bin/buy.storefront/<<<&aacute;x1388>>>/Product/View/CMPL_00_GDXbox


(do not use: <<<,>>>)
and yes, Internet explorer, exited by itself. Very strange. I don't know why,
pls try that 
I uploaded here a sample html, 
http://megahz.cyhackportal.com/hey.html

I test it out on 3 pcs I have at my work, but there was only one that seemed
to have the bug, and resolve on closing the IE.

maybe is bestbuy's problem, and the software they use,
the original url was:
http://www.bestbuy.com.cy/cgi-bin/buy.storefront/3cbbef7d0794c70e27a4c30e950106f2/Product/View/CMPL_00_GDXbox



maybe is storefronts problem...


pls test it out, and let me know, if that happens to u too, I use XP with the
ie6.0 (duh!)



Thank you,


/*
* Andreas Constantinides (MegaHz)
* http://www.cyhackportal.com
*
*/ 

_____________________________
CytaNet WebMail
http://webmail.cytanet.com.cy
Previous By Date Next
Previous By Thread Next

Current thread: