Full Disclosure mailing list archives
RE: Re: Internet Explorer URL parsing vulnerabi lity
From: "Bill Royds" <full-disclosure () royds net>
Date: Thu, 11 Dec 2003 20:27:20 -0500
Even better check out (from RFC1738) 3.3. HTTP The HTTP URL scheme is used to designate Internet resources accessible using HTTP (HyperText Transfer Protocol). The HTTP protocol is specified elsewhere. This specification only describes the syntax of HTTP URLs. An HTTP URL takes the form: http://<host>:<port>/<path>?<searchpart> where <host> and <port> are as described in Section 3.1. If :<port> is omitted, the port defaults to 80. No user name or password is allowed. <path> is an HTTP selector, and <searchpart> is a query string. The <path> is optional, as is the <searchpart> and its preceding "?". If neither <path> nor <searchpart> is present, the "/" may also be omitted. Within the <path> and <searchpart> components, "/", ";", "?" are reserved. The "/" character may be used within HTTP to designate a hierarchical structure. Which says that a browser should not allow the username:password part for a HTTP protocol base URL -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Mortis Sent: December 11, 2003 6:46 PM To: full-disclosure () lists netsys com Subject: RE: [Full-disclosure] Re: Internet Explorer URL parsing vulnerabi lity
Using internet explorer, you can also put http://whateverhere () google com and that will take you to google. It only matters what you put after the @ sign. I noticed that one day while putting in my email address in for hotmail.
J, Check out 3.1 in this doc. http://www.faqs.org/rfcs/rfc1738.html I haveto clean the beeeeer off my keyyyyboard. :) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Re: Internet Explorer URL parsing vulnerabi lity jbruce (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerabi lity Mortis (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerabi lity Bill Royds (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerabi lity Nick FitzGerald (Dec 12)
- RE: Re: Internet Explorer URL parsing vulnerabi lity Bill Royds (Dec 12)
- RE: Re: Internet Explorer URL parsing vulnerabi lity Mortis (Dec 11)