[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
From: Cedric Blancher <blancher@cartel-securite.fr>
Date: Wed, 10 Dec 2003 22:06:06 +0100

Le mer 10/12/2003 à 09:51, VeNoMouS a écrit :
> and as for the why the %01 works, i can only assume as %01 is a non
> printable character IE stops it there, its the same as if u would use %02
> and so on, or are you that moronic you dont understand character sets?

I think I can only thank my moronic Galeon browser for not understanding
character sets ! As it can't print %01, it just keep it this way in the
URL he prints within address field, such as it does with any character
that should not appear within a URL.

By the way, not being able to print %01, does not mean you just have to
stop. It should not prevent you from printing the following printable
characters.

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread! 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
  - From: S G Masood <sgmasood@yahoo.com>
- Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
  - From: "VeNoMouS" <venom@gen-x.co.nz>

Prev by Date: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Next by Date: [Full-Disclosure] Before you post or reply...
Previous by thread: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Next by thread: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread