Vulnerability Development mailing list archives
Strange IE / Windows Behaviour
From: Paul Brereton <paul.brereton () it-security-audit com>
Date: 13 Feb 2003 00:03:09 -0000
Guys, I noticed that when you request a long url using IE in wither windows 2000 or windows XP for example: http://www.somehost.com/exisingfile.htm? aaaaaaaaaaaaaaaaaaaaa[about 256 times or so], the webpage takes on a different name when saving to disk such as QUFOU28S.htm . This also happens when you attemp to download a file with a long url ie: .gif? aaaaaaaaaaaaaaaaaaaaaaa etc,.... Also, the more aaaaaa's that are appended, the different the response is. My questions are : 1.) Is this a small hashing functionality built into windows to prevent long filenames from being downloaded and causing problems. or 2.) Is it a screw up in windows? Possibly a buffer overflow?. I have noticed that this type of naming is used for some temprorary files. What is going on. RFCP (Request for comments please) :-) Regards, Paul.
Current thread:
- Strange IE / Windows Behaviour Paul Brereton (Feb 13)