Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

["Exibar" <exibar@thelair.com>]

ummm, it doesn't seem that is the case.  the entire reason for the %01@ is
to hide the name of the site that you're actually on.  In my example of
www.microsoft.com%01@www.linux.org  if you click on that link, then look in
the address bar, it looks like you're on www.microsoft.com but you're really
on www.linux.org .

   that is what's stated in the original post.

  Exibar

----- Original Message ----- 
From: "VeNoMouS" <venom@gen-x.co.nz>
To: "S G Masood" <sgmasood@yahoo.com>; <full-disclosure@lists.netsys.com>
Sent: Wednesday, December 10, 2003 3:27 AM
Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
vulnerability


> pft sif i read the orignal posts
> ----- Original Message ----- 
> From: "S G Masood" <sgmasood@yahoo.com>
> To: <full-disclosure@lists.netsys.com>
> Sent: Wednesday, December 10, 2003 8:06 PM
> Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
> vulnerability
>
>
> >
> > --- VeNoMouS <venom@gen-x.co.nz> wrote:
> >
> > >umm tested this you dont need %01
> > > either btw.
> > >
> > > www.microsoft.com@www.linux.org
> >
> >
> > What is your point? Have you read the original post?
> >
> >
> > Apart from this, does anyone have a "lowlevel"
> > explanation why the %01 trick works?
> >
> >
> > --
> > iNt27~
> >
> >
> >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Free Pop-Up Blocker - Get it now
> > http://companion.yahoo.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html