Full Disclosure mailing list archives
Re: RE: FWD: Internet Explorer URL parsing vulnerability
From: "Exibar" <exibar () thelair com>
Date: Wed, 10 Dec 2003 10:53:15 -0500
ummm, it doesn't seem that is the case. the entire reason for the %01@ is to hide the name of the site that you're actually on. In my example of www.microsoft.com%01 () www linux org if you click on that link, then look in the address bar, it looks like you're on www.microsoft.com but you're really on www.linux.org . that is what's stated in the original post. Exibar ----- Original Message ----- From: "VeNoMouS" <venom () gen-x co nz> To: "S G Masood" <sgmasood () yahoo com>; <full-disclosure () lists netsys com> Sent: Wednesday, December 10, 2003 3:27 AM Subject: Re: [Full-disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
pft sif i read the orignal posts ----- Original Message ----- From: "S G Masood" <sgmasood () yahoo com> To: <full-disclosure () lists netsys com> Sent: Wednesday, December 10, 2003 8:06 PM Subject: Re: [Full-disclosure] RE: FWD: Internet Explorer URL parsing vulnerability--- VeNoMouS <venom () gen-x co nz> wrote:umm tested this you dont need %01 either btw. www.microsoft.com () www linux orgWhat is your point? Have you read the original post? Apart from this, does anyone have a "lowlevel" explanation why the %01 trick works? -- iNt27~ __________________________________ Do you Yahoo!? Free Pop-Up Blocker - Get it now http://companion.yahoo.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Internet Explorer URL parsing vulnerability, (continued)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: FWD: Internet Explorer URL parsing vulnerability Julian HO Thean Swee (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Cedric Blancher (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 11)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 11)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability Exibar (Dec 10)
- RES: RE: FWD: Internet Explorer URL parsing vulnerability Cleber P. de Souza (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Frank de Wit (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Jedi/Sector One (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Ricardo Moura (Dec 12)
- Re: Re: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 10)
- Re: Re: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 10)