| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200312101801.hBAI1gQN022833@turing-police.cc.vt.edu> From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: RE: FWD: Internet Explorer URL parsing vulnerability On Wed, 10 Dec 2003 21:51:01 +1300, VeNoMouS <venom@...-x.co.nz> said: > and as for the why the %01 works, i can only assume as %01 is a non > printable character IE stops it there, its the same as if u would use %02 > and so on, or are you that moronic you dont understand character sets? Yes, we're so moronic that we fail to understand the brilliance of IE not bothering to print *printable* characters if they happen to follow a non-printing character. Most reasonable software will put in an outline-box or "\NNN", or other similar indication a glyph is not displayable in the charset in use, and then *continue trying* to render the rest of the string. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031210/19a7bc80/attachment.bin
Powered by blists - more mailing lists