Full Disclosure mailing list archives

Re: RE: FWD: Internet Explorer URL parsing vulnerability

From: "S . f . Stover" <attica () stackheap org>
Date: Tue, 9 Dec 2003 09:16:25 -0500

On 09 Dec 03 10:22:59AM S G Masood[sgmasood () yahoo com] wrote:
: ># POC ##########
: >http://www.zapthedingbat.com/security/ex01/vun1.htm
: 

Interestingly enough, MSIE for OS X doesn't display this behavior.  My address
bar contained this URL:

http://www.microsoft.com%01 () zapthedingbat com/security/ex01/vun2.htm



-- 

aka Dolph Longhorn
GPG Key ID: 0xF8F859D0
http://pgp.mit.edu:11371/pks/lookup?search=0xF8F859D0&op=index

"There is no such thing as right and wrong, there's just popular opinion."
-Jeffrey Goines

Attachment: _bin
Description:

Current thread:

RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
  - Re: Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S . f . Stover (Dec 09)
  - Re: RE: FWD: Internet Explorer URL parsing vulnerability Jeremiah Cornelius (Dec 09)
- <Possible follow-ups>
- FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
  - Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 09)
    - RE: RE: FWD: Internet Explorer URL parsing vulnerability Chris S (Dec 09)
  - Re: RE: FWD: Internet Explorer URL parsing vulnerability Michal Zalewski (Dec 09)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 09)
  - Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)

(Thread continues...)