Vulnerability Development mailing list archives
Re: ie5 and .doc URLs
From: security-lists () SERVER KAPOW DK (security-lists () SERVER KAPOW DK)
Date: Fri, 9 Jun 2000 21:08:56 +0200
xxx - "GET /_vti_inf.html HTTP/1.0" 200 3042
xxx - "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 302 215
I do not know anything about anything, but I recognize the _vti_-thingies as something coming with the frontpage-extensions to apache, so I guess the thing hopes to talk to something like frontpage. The implications are left as an exercise to the interested reader ;-)

Hope this was useful in some way.

/Nikolaj
So, it seems IE5 has a rather mononeuronal behaviour when dealing with .doc URLs. I am actually wondering whether the fact that the shtml.exe is called with the POST method could allow something *bad* to be performed against IE5. I believe a GET would have been OK, but what about POST?
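An added example, not part of the original posts: a small Python log check for the two-request pattern quoted above (a GET for /_vti_inf.html followed by a POST under /_vti_bin/), showing which clients send it and how the server answered. The log lines, client addresses and function names are constructed for illustration and assume Common Log Format.

```python
import re
from collections import defaultdict

# Constructed sample access log (Common Log Format, documentation address ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Jun/2000:21:01:12 +0200] "GET /docs/report.doc HTTP/1.0" 200 48211
192.0.2.10 - - [09/Jun/2000:21:01:13 +0200] "GET /_vti_inf.html HTTP/1.0" 200 3042
192.0.2.10 - - [09/Jun/2000:21:01:13 +0200] "POST /_vti_bin/shtml.exe/_vti_rpc HTTP/1.0" 302 215
198.51.100.7 - - [09/Jun/2000:21:02:40 +0200] "GET /index.html HTTP/1.0" 200 1024
198.51.100.7 - - [09/Jun/2000:21:02:41 +0200] "GET /_vti_inf.html HTTP/1.0" 404 207
"""

# client, method, path, status, size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def vti_requests(log_text):
    """Return {client: [(method, path, status), ...]} for /_vti_ requests only."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        client, method, path, status, _size = m.groups()
        if path.lower().startswith("/_vti_"):
            hits[client].append((method, path, int(status)))
    return dict(hits)

def classify(requests):
    """Label one client's /_vti_ traffic by which of the two requests it made."""
    probed = any(m == "GET" and p.lower() == "/_vti_inf.html" for m, p, _ in requests)
    posted = any(m == "POST" and p.lower().startswith("/_vti_bin/") for m, p, _ in requests)
    if probed and posted:
        return "probe+rpc"
    if posted:
        return "rpc-only"
    return "probe-only" if probed else "other"

def report(log_text):
    """Map each client to (label, list of status codes the server returned)."""
    return {c: (classify(r), [s for _, _, s in r]) for c, r in vti_requests(log_text).items()}

if __name__ == "__main__":
    for client, (label, statuses) in report(SAMPLE_LOG).items():
        print(client, label, statuses)
```

The status codes in the report show whether the server actually answered the `_vti_` paths or returned 404 for them.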