Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: RE: 3 new MS patches next week... but none fix 0x01!

RE: 3 new MS patches next week... but none fix 0x01!

From: Paul Szabo <psz_at_maths.usyd.edu.au>
Date: Sun, 11 Jan 2004 16:37:21 +1100 (EST)

> ... and I've got this question for the list:
>
> This really long 'form action' item
> http://www.citibank.com:achaaa9uwdtyazjwvwaaaa9p398haaa9uwdtyazjwvwaboundpyw
> wgc2l6zt00pjxtvgc2l6zt00pjxywwgc2l6zt00pjxt398haaa9uwdtyazjwvwaaoundpywwgc2l
> 6zt00pjxtvgc2l6zt00pjxvgc2l6zt00pjxt_at_211.239.150.170/login/form.php
>
> obviously contains the 0x01 exploit. What I'm curious about is the HUGE
> amount of crap in between the : and the @ sign. I mean, if the 0x01 exploit
> is 'good enough', what's with the extra characters?

Hmmm... where in there do you see %01? No, that is no 0x01 exploit, but
just user:password_at_host quasi-RFC-compliant usage. The string is long so
as to leave the user staring at the citibank+gibberish part, not to be
made suspicious of the @IP part.

Cheers,

Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Jan 11 2004

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos