Vulnerability Development mailing list archives

Re: /instmsg/alias/annoying_web_logs ;)


From: Dave Aitel <dave () immunitysec com>
Date: 15 Oct 2002 10:09:00 -0400

Exchange and MSN Messenger are the top leads so far. :> Someone install
MSN Messenger and find out! (Doesn't ANYONE run that thing?) :>

-dave


On Tue, 2002-10-15 at 10:05, zeno wrote:

I get billions of these things too, it's part of some MSN groups/chat 
thing, essentially it takes requests the "alias" of the email address 
(dave () immunitysec com => /instmsg/alias/dave). Might be fun to send back 

These things are damn annoying. I get probably 5 of these a day and 1 person keeps checking me every
few hours. 


some looooong responses ;) My favorites are all the ones that originate 
from microsoft "tide" addresses... They send me some funny referrers from 
their intranet servers once in a while too.


Ha. 


---
"Immunity also gets a lot of requests for /instmsg/alias/dave, which 
doesn't exist. I'm curious what web client plugin causes this behavior. 
And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and 
other FrontPage-style requests. Somewhere here I smell an exploitable 
client-side vulnerability."
---



I'm curious, do we know this is MSN Messenger? Anybody else know if AIM or another client sends
these requests?

- zeno

 
-- 
Dave Aitel <dave () immunitysec com>
Immunity, Inc
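
A log-triage sketch for the question raised in this thread (which client sends these requests), added here as an example and not part of the original posts: it tallies the /instmsg/alias/, /_vti_bin/ and PROPFIND requests by User-Agent and collects the aliases and referrers seen. The Apache combined log format, the sample lines, and the agent names are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [15/Oct/2002:09:58:01 -0400] "GET /instmsg/alias/dave HTTP/1.1" 404 289 "-" "ExampleClient/1.0"
192.0.2.10 - - [15/Oct/2002:12:58:07 -0400] "GET /instmsg/alias/dave HTTP/1.1" 404 289 "http://intranet.example/page" "ExampleClient/1.0"
198.51.100.7 - - [15/Oct/2002:10:01:44 -0400] "PROPFIND /docs HTTP/1.1" 405 312 "-" "ExampleEditor/2.0"
198.51.100.7 - - [15/Oct/2002:10:01:45 -0400] "POST /_vti_bin/shtml.dll HTTP/1.1" 404 301 "-" "ExampleEditor/2.0"
203.0.113.5 - - [15/Oct/2002:10:02:00 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "ExampleBrowser/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def classify(method, path):
    """Label the request types named in the thread; None for everything else."""
    low = path.lower()
    if low.startswith("/instmsg/alias/"):
        return "instmsg-alias"
    if low.startswith("/_vti_bin/"):
        return "frontpage-vti"
    if method.upper() == "PROPFIND":
        return "propfind"
    return None

def summarize(log_text):
    """Return (hits per (kind, user-agent), aliases per source IP, referrers seen)."""
    by_agent = Counter()
    aliases = defaultdict(set)
    referers = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        kind = classify(m["method"], m["path"])
        if kind is None:
            continue
        by_agent[(kind, m["agent"])] += 1
        if kind == "instmsg-alias":
            aliases[m["ip"]].add(m["path"][len("/instmsg/alias/"):])
            if m["referer"] not in ("", "-"):
                referers.add(m["referer"])
    return by_agent, dict(aliases), referers
```
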
