check out www.zapthedingbat.com/securit...vun1.htm
for a demo of this new error. It only work with IE though... It passes a false address to the browser by adding a 0x01 bit to the URL...
for a demo of this new error. It only work with IE though... It passes a false address to the browser by adding a 0x01 bit to the URL...
-
Re: New IE vulnerability
Thu, December 11, 2003 - 11:52 AMASCII 001 is SOH, start of header. I guess IE takes that a bit too literally. -
-
Re: New IE vulnerability
Thu, December 11, 2003 - 12:28 PMyeah, it's a huge security flaw...
I can imagine all the fun that could be had with that... -
-
Re: New IE vulnerability
Thu, December 11, 2003 - 12:50 PMwww.google.com%00@www.microsoft.com/
Works for status line, but not URL bar in Firebird (my tests) and other Mozilla derivatives (BugTraq post).
-
-
