[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20031210132136.71583.qmail@web60801.mail.yahoo.com>
From: sgmasood at yahoo.com (S G Masood)
Subject: RE: FWD: Internet Explorer URL parsing vulnerability
I dont understand character sets, you say, but let me
ask you one question - do you understand English? Let
me give you a hint - The original post and the thread
were about a URL masking vuln. in IE which just
happened to use the http://a@b feature...the issue at
hand was *not* that we could use http://a@b to
somewhat obfuscate a URL. Now go and read the advisory
and your post once
again(http://dictionary.reference.com would probably
help you).
Did you really think full-disclosure members had
fallen so low as to start a thread about the @ URL
obfuscation?
> and as for the why the %01 works, i can only assume
> as %01 is a non
> printable character IE stops it there, its the same
> as if u would use %02
> and so on, or are you that moronic you dont
> understand character sets?
Hmph! non printable character...%02...You call me a
"moron" based on your slouchy "assumption". It would
take you exactly 60seconds to test the validity of
your ideas before posting. Remember to try the "%02"
before you post once again.
Stop disgracing yourself on a serious public forum
with your stupid fantasies & assumptions and go gator
some kiddie list.
--
S.G.Masood
To Rest of The List - I never flame anyone but I
simply couldn't stop this time :)
>
>
> ----- Original Message -----
> From: "S G Masood" <sgmasood@...oo.com>
> To: <full-disclosure@...ts.netsys.com>
> Sent: Wednesday, December 10, 2003 8:06 PM
> Subject: Re: [Full-Disclosure] RE: FWD: Internet
> Explorer URL parsing
> vulnerability
>
>
> >
> > --- VeNoMouS <venom@...-x.co.nz> wrote:
> >
> > >umm tested this you dont need %01
> > > either btw.
> > >
> > > www.microsoft.com@....linux.org
> >
> >
> > What is your point? Have you read the original
> post?
> >
> >
> > Apart from this, does anyone have a "lowlevel"
> > explanation why the %01 trick works?
> >
> >
> > --
> > iNt27~
> >
> >
> >
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Free Pop-Up Blocker - Get it now
> > http://companion.yahoo.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.netsys.com/full-disclosure-charter.html
> >
>
__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/
Powered by blists - more mailing lists