Full Disclosure mailing list archives
RE: 3 new MS patches next week...
From: Can Erkin Acar <canacar () eee metu edu tr>
Date: Mon, 12 Jan 2004 10:07:01 +0200
On Sun, Jan 11, 2004 at 12:17:23PM -0500, Exibar wrote:
This really long 'form action' item http://www.citibank.com:achaaa9uwdtyazjwvwaaaa9p398haaa9uwdtyazjwv waboundpyw wgc2l6zt00pjxtvgc2l6zt00pjxywwgc2l6zt00pjxt398haaa9uwdtyazjwvwaaou ndpywwgc2l 6zt00pjxtvgc2l6zt00pjxvgc2l6zt00pjxt@211.239.150.170/login/form.phpThe above http: line doesn't make use of the 0x01 exploit. In order to make use of that exploit, you NEED "0x01" in there just before the @ symbol.
Yes, however this is the link from the 'fake' page. The distributed pishing e-mail (which I also received) does contain 0x01 character at the proper place, on the 'Click here to login' link directing users to this login page. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: 3 new MS patches next week... but none fix 0x01! Exibar (Jan 09)
- <Possible follow-ups>
- RE: 3 new MS patches next week... but none fix 0x01! tlarholm (Jan 09)
- Re: 3 new MS patches next week... but none fix 0x01! J G (Jan 10)
- RE: 3 new MS patches next week... but none fix 0x01! David Bartholomew (Jan 10)
- re: Citibank phishing email Jim Race (Jan 10)
- RE: [inbox] RE: 3 new MS patches next week... Exibar (Jan 11)
- RE: 3 new MS patches next week... Can Erkin Acar (Jan 12)
- RE: 3 new MS patches next week... but none fix 0x01! David Bartholomew (Jan 10)
- Re: 3 new MS patches next week... but none fix 0x01! Mary Landesman (Jan 10)
- Re: 3 new MS patches next week... but none fix 0x01! Ray P (Jan 10)
- RE: 3 new MS patches next week... but none fix 0x01! Paul Szabo (Jan 10)
- RE: 3 new MS patches next week... but none fix 0x01! David Bartholomew (Jan 11)