Full Disclosure mailing list archives

Re: IE 0x01 Byte URL Spoofing Vulnerability[Scriptless PoC Exploit & Additional Details]

From: Piotr Bulczak <piotr.bulczak () pl abb com>
Date: Sat, 13 Dec 2003 12:08:47 +0100

2. SCRIPTING is NOT NECESSARY to exploit this vulnerability.
A hex editor can be used to embed the 0x01 byte. See the attached

exploit.

Why hex editor? Just put &#001; code instead.

cheers,
Piotr


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

IE 0x01 Byte URL Spoofing Vulnerability[Scriptless PoC Exploit & Additional Details] S G Masood (Dec 12)
- Re: IE 0x01 Byte URL Spoofing Vulnerability[Scriptless PoC Exploit & Additional Details] Piotr Bulczak (Dec 13)