[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

To: Rainer Gerhards <rgerhards@hq.adiscon.com>
Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
From: Georgi Guninski <guninski@guninski.com>
Date: Wed, 10 Dec 2003 18:59:41 +0200

On Wed, 10 Dec 2003 16:06:20 +0100
Rainer Gerhards <rgerhards@hq.adiscon.com> wrote:

> Just to add
> 
> http://www.microsoft.com:security%00@www.linux.org/
> 
> works equally well with Mozilla/5.0 (X11; U; Linux i686; en-US;
> rv:1.2.1) Gecko/20030225 under Red Hat Linux 9. So it is not just an IE
> issue...
> 

On mozilla 1.5 the above does not work.
The location bar displays
http://www.microsoft.com:security%00@www.linux.org/
which seems the expected behavior.

On linux more fun seems this:

http://www.microsoft.com__________________________________________________________________@www.fuckmicrosoft.com/

georgi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
  - From: "Rainer Gerhards" <rgerhards@hq.adiscon.com>
- RE: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
  - From: Rainer Gerhards <rgerhards@hq.adiscon.com>

Prev by Date: [Full-Disclosure] Cisco Security Advisory: Vulnerability in Authentication Library for ACNS
Next by Date: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Previous by thread: RE: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Next by thread: Re: RE:Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread