Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: 3 new MS patches next week... but none fix 0x01!

From: psz () maths usyd edu au (Paul Szabo)
Date: Sun, 11 Jan 2004 16:37:21 +1100 (EST)
... and I've got this question for the list:

This really long 'form action' item
http://www.citibank.com:achaaa9uwdtyazjwvwaaaa9p398haaa9uwdtyazjwvwaboundpyw
wgc2l6zt00pjxtvgc2l6zt00pjxywwgc2l6zt00pjxt398haaa9uwdtyazjwvwaaoundpywwgc2l
6zt00pjxtvgc2l6zt00pjxvgc2l6zt00pjxt@211.239.150.170/login/form.php

obviously contains the 0x01 exploit. What I'm curious about is the HUGE
amount of crap in between the : and the @ sign. I mean, if the 0x01 exploit
is 'good enough', what's with the extra characters?


Hmmm... where in there do you see %01? No, that is no 0x01 exploit, but
just user:password@host quasi-RFC-compliant usage. The string is long so
as to leave the user staring at the citibank+gibberish part, not to be
made suspicious of the @IP part.

Cheers,

Paul Szabo - psz () maths usyd edu au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: