Full Disclosure mailing list archives

Re: RE: FWD: Internet Explorer URL parsing vulnerability


From: Georgi Guninski <guninski () guninski com>
Date: Wed, 10 Dec 2003 18:59:41 +0200

On Wed, 10 Dec 2003 16:06:20 +0100
Rainer Gerhards <rgerhards () hq adiscon com> wrote:

> Just to add
>
> http://www.microsoft.com:security%00@www.linux.org/
>
> works equally well with Mozilla/5.0 (X11; U; Linux i686; en-US;
> rv:1.2.1) Gecko/20030225 under Red Hat Linux 9. So it is not just an IE
> issue...


On mozilla 1.5 the above does not work.
The location bar displays
http://www.microsoft.com:security%00@www.linux.org/
which seems the expected behavior.


On linux more fun seems this:

http://www.microsoft.com__________________________________________________________________@www.fuckmicrosoft.com/

georgi





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
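
Added example, not part of the original message: a defensive check that parses a link with the WHATWG URL parser and flags userinfo shaped like the URLs discussed in this thread (a hostname-looking user part, an encoded NUL, or a long padding run before the "@"). The sample URLs are constructed on reserved example domains, and the finding names and the 16-character padding threshold are assumptions of this sketch.

```javascript
// Added example: flag http(s) URLs whose userinfo part is shaped to mislead.
// Thresholds and finding names are assumptions chosen for this sketch.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}/i; // userinfo that starts like a DNS name
const PADDING = /(.)\1{15,}/;                    // 16+ repeats of one character
const CONTROL = /[\u0000-\u001f\u007f]/;         // NUL and other control characters

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; } // keep malformed escapes raw
}

function inspectUrl(raw) {
  let url;
  try { url = new URL(raw); } catch { return { host: null, findings: ["unparseable"] }; }
  const findings = [];
  if (url.username === "" && url.password === "") return { host: url.hostname, findings };

  findings.push("userinfo-present");
  const user = safeDecode(url.username);
  const userinfo = url.password === "" ? user : user + ":" + safeDecode(url.password);

  if (CONTROL.test(userinfo)) findings.push("control-char-in-userinfo");
  // The user part reads like a hostname but is not the host the request goes to.
  const m = HOSTLIKE.exec(user);
  if (m && m[0].toLowerCase() !== url.hostname) findings.push("hostname-like-userinfo");
  if (PADDING.test(userinfo)) findings.push("padding-in-userinfo");
  return { host: url.hostname, findings };
}

// Constructed samples on reserved example domains, same shape as the URLs in the thread.
const samples = [
  "http://www.example.com:security%00@www.example.org/",
  "http://www.example.com" + "_".repeat(60) + "@login.example.net/",
  "http://www.example.org/index.html",
];
for (const s of samples) {
  const r = inspectUrl(s);
  console.log(r.host, r.findings.join(",") || "clean");
}
```

The `host` field is the name the connection actually goes to, which is the value a mail gateway or proxy log should show next to the link text.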

