[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability

To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
From: petard <petard@freeshell.org>
Date: Thu, 11 Dec 2003 19:20:14 +0000

On Thu, Dec 11, 2003 at 11:49:07AM -0600, Schmehl, Paul L wrote:
> Hey, I like that one.  That's the first time I've even been to slashdot
> and see www.microsoft.com in the address bar.  :-)
>  
It gets better... it works with SSL sites as well. The little lock, and
no warning message:
http://petard.freeshell.org/hotmail-pr.html

petard

--
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
  - From: John Sage <jsage@finchhaven.com>
- Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
  - From: "Erik van Straten" <emvs.fd.3FB4D11C@cpo.tn.tudelft.nl>

References:
- RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
  - From: "Schmehl, Paul L" <pauls@utdallas.edu>

Prev by Date: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerabi lity
Next by Date: [Full-Disclosure] Re: A new TCP/IP blind data injection technique?
Previous by thread: RE: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Next by thread: Re: [Full-Disclosure] Re: Internet Explorer URL parsing vulnerability
Index(es):
- Date
- Thread