Full Disclosure mailing list archives
Re: Re: Internet Explorer URL parsing vulnerability
From: Georgi Guninski <guninski () guninski com>
Date: Sat, 13 Dec 2003 01:06:46 +0200
On Fri, 12 Dec 2003 11:01:24 -0800 (PST) S G Masood <sgmasood () yahoo com> wrote:
Hello, I was expecting that someone would come up with an explanation as to why the 0x01 trick works. 0x00, 0x0A, 0x0D causing problems would be understandable but, 0x01 causing problems is somewhat strange. This is not the first time IE has a problem with the 0x01 byte embedded in the URL: [1]http://www.guninski.com/read.html [2]http://www.guninski.com/scrauto.html Since he discovered these previous issues, maybe Guninski has an explanation.
yes, m$ have had more serious problems with %01 in the past. my explanation is that they just suffer from brain damage and greediness. georgi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Re: Internet Explorer URL parsing vulnerability, (continued)
- RE: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 12)
- RE: Re: Internet Explorer URL parsing vulnerability Funk Jr, Joseph C. (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerability Jarkko Turkulainen (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 11)
- RE: Re: Internet Explorer URL parsing vulnerability Schmehl, Paul L (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability John Sage (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability Erik van Straten (Dec 12)
- Re: Re: Internet Explorer URL parsing vulnerability petard (Dec 11)
- Re: Re: Internet Explorer URL parsing vulnerability S G Masood (Dec 12)
- Re: Re: Internet Explorer URL parsing vulnerability Georgi Guninski (Dec 12)