RE: /instmsg/alias/annoying_web_logs ;)

["Elan Hasson" <elan () daryl org>]

What the hell is this thread about?

-----Original Message-----
From: zeno [mailto:bugtraq () cgisecurity net]
Sent: Tuesday, October 15, 2002 10:05 AM
To: H D Moore
Cc: Dave Aitel; dan () doxpara com; vuln-dev () securityfocus com
Subject: Re: /instmsg/alias/annoying_web_logs ;)


> I get billions of these things too, its part of some MSN groups/chat
> thing, essentially it takes requests the "alias" of the email address
> (dave () immunitysec com => /instmsg/alias/dave). Might be fun to send back

These things are damn annoying. I get probably 5 of these a day and 1 person
keeps checking me every
few hours.


> some looooong responses ;) My favorites are all the ones that originate
> from microsoft "tide" addresses... They send me some funny referrers from
> their intranet servers once in a while too.

Ha.


> ---
> "Immunity also gets a lot of requests for /instmsg/alias/dave, which
> doesn't exist. I'm curious what web client plugin causes this behavior.
> And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and
> other FrontPage-style requests. Somewhere here I smell an exploitable
> client-side vulnerability."
> ---


I'm curious do we know this is MSN messanger? Anybody else know if AIM or
another client sends
these requests?

- zeno