Vulnerability Development: RE: /instmsg/alias/annoying_web

From: Dave Aitel <dave_at_immunitysec.com>
Date: 15 Oct 2002 22:00:20 -0400

Originally it is about an article from Immunity's website
(http://www.immunitysec.com/dailydave/)
-dave

On Tue, 2002-10-15 at 13:59, Elan Hasson wrote:
> What the hell is this thread about?
>
> -----Original Message-----
> From: zeno [mailto:bugtraq_at_cgisecurity.net]
> Sent: Tuesday, October 15, 2002 10:05 AM
> To: H D Moore
> Cc: Dave Aitel; dan_at_doxpara.com; vuln-dev_at_securityfocus.com
> Subject: Re: /instmsg/alias/annoying_web_logs ;)
>
>
> >
> > I get billions of these things too, its part of some MSN groups/chat
> > thing, essentially it takes requests the "alias" of the email address
> > (dave_at_immunitysec.com => /instmsg/alias/dave). Might be fun to send back
>
> These things are damn annoying. I get probably 5 of these a day and 1 person
> keeps checking me every
> few hours.
>
>
> > some looooong responses ;) My favorites are all the ones that originate
> > from microsoft "tide" addresses... They send me some funny referrers from
> > their intranet servers once in a while too.
> >
>
> Ha.
>
>
> > ---
> > "Immunity also gets a lot of requests for /instmsg/alias/dave, which
> > doesn't exist. I'm curious what web client plugin causes this behavior.
> > And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and
> > other FrontPage-style requests. Somewhere here I smell an exploitable
> > client-side vulnerability."
> > ---
> >
>
>
> I'm curious do we know this is MSN messanger? Anybody else know if AIM or
> another client sends
> these requests?
>
> - zeno
>
>

-- 
Dave Aitel <dave_at_immunitysec.com>
Immunity, Inc

application/pgp-signature attachment: This is a digitally signed message part

Received on Oct 16 2002

RE: /instmsg/alias/annoying_web_logs ;)