lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: venom at gen-x.co.nz (VeNoMouS)
Subject: RE: FWD: Internet Explorer URL parsing vulnerability

for you information cock, i had tested it, and another person had already
replied on it saying it worked fag. so stfu and get a clue
----- Original Message ----- 
From: "S G Masood" <sgmasood@...oo.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Thursday, December 11, 2003 2:21 AM
Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing
vulnerability


>
>
> I dont understand character sets, you say, but let me
> ask you one question - do you understand English? Let
> me give you a hint - The original post and the thread
> were about a URL masking vuln. in IE which just
> happened to use the http://a@b feature...the issue at
> hand was *not* that we could use http://a@b to
> somewhat obfuscate a URL. Now go and read the advisory
> and your post once
> again(http://dictionary.reference.com would probably
> help you).
>
> Did you really think full-disclosure members had
> fallen so low as to start a thread about the @ URL
> obfuscation?
>
> > and as for the why the %01 works, i can only assume
> > as %01 is a non
> > printable character IE stops it there, its the same
> > as if u would use %02
> > and so on, or are you that moronic you dont
> > understand character sets?
>
> Hmph! non printable character...%02...You call me a
> "moron" based on your slouchy "assumption". It would
> take you exactly 60seconds to test the validity of
> your ideas before posting. Remember to try the "%02"
> before you post once again.
>
> Stop disgracing yourself on a serious public forum
> with your stupid fantasies & assumptions and go gator
> some kiddie list.
>
> --
> S.G.Masood
>
>
> To Rest of The List - I never flame anyone but I
> simply couldn't stop this time :)
>
>
>
>
> >
> >
> > ----- Original Message ----- 
> > From: "S G Masood" <sgmasood@...oo.com>
> > To: <full-disclosure@...ts.netsys.com>
> > Sent: Wednesday, December 10, 2003 8:06 PM
> > Subject: Re: [Full-Disclosure] RE: FWD: Internet
> > Explorer URL parsing
> > vulnerability
> >
> >
> > >
> > > --- VeNoMouS <venom@...-x.co.nz> wrote:
> > >
> > > >umm tested this you dont need %01
> > > > either btw.
> > > >
> > > > www.microsoft.com@....linux.org
> > >
> > >
> > > What is your point? Have you read the original
> > post?
> > >
> > >
> > > Apart from this, does anyone have a "lowlevel"
> > > explanation why the %01 trick works?
> > >
> > >
> > > --
> > > iNt27~
> > >
> > >
> > >
> > >
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > Free Pop-Up Blocker - Get it now
> > > http://companion.yahoo.com/
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter:
> > http://lists.netsys.com/full-disclosure-charter.html
> > >
> >
>
>
> __________________________________
> Do you Yahoo!?
> Free Pop-Up Blocker - Get it now
> http://companion.yahoo.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ