Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: /instmsg/alias/annoying_web_logs ;)

Re: /instmsg/alias/annoying_web_logs ;)

From: zeno <bugtraq_at_cgisecurity.net>
Date: Tue, 15 Oct 2002 22:15:20 -0400 (EDT)

>
>
> --=-B7AqP1iWfBBvKe0JfVO6
> Content-Type: text/plain
> Content-Transfer-Encoding: quoted-printable
>
> Originally it is about an article from Immunity's website
> (http://www.immunitysec.com/dailydave/)
> -dave

Ah sorry I've never read your website. This is a known issue actually for people who pay attention
To the weblogs.

- zeno

>
>
> On Tue, 2002-10-15 at 13:59, Elan Hasson wrote:
> > What the hell is this thread about?
> >=20
> > -----Original Message-----
> > From: zeno [mailto:bugtraq_at_cgisecurity.net]
> > Sent: Tuesday, October 15, 2002 10:05 AM
> > To: H D Moore
> > Cc: Dave Aitel; dan_at_doxpara.com; vuln-dev_at_securityfocus.com
> > Subject: Re: /instmsg/alias/annoying_web_logs ;)
> >=20
> >=20
> > >
> > > I get billions of these things too, its part of some MSN groups/chat
> > > thing, essentially it takes requests the "alias" of the email address
> > > (dave_at_immunitysec.com =3D> /instmsg/alias/dave). Might be fun to send b=
> ack
> >=20
> > These things are damn annoying. I get probably 5 of these a day and 1 per=
> son
> > keeps checking me every
> > few hours.
> >=20
> >=20
> > > some looooong responses ;) My favorites are all the ones that originate
> > > from microsoft "tide" addresses... They send me some funny referrers fr=
> om
> > > their intranet servers once in a while too.
> > >
> >=20
> > Ha.
> >=20
> >=20
> > > ---
> > > "Immunity also gets a lot of requests for /instmsg/alias/dave, which
> > > doesn't exist. I'm curious what web client plugin causes this behavior.
> > > And, I've noticed FrontPage makes PROPFIND, /_vti_bin/shtml.dll, and
> > > other FrontPage-style requests. Somewhere here I smell an exploitable
> > > client-side vulnerability."
> > > ---
> > >
> >=20
> >=20
> > I'm curious do we know this is MSN messanger? Anybody else know if AIM or
> > another client sends
> > these requests?
> >=20
> > - zeno
> >=20
> >=20
> --=20
> Dave Aitel <dave_at_immunitysec.com>
> Immunity, Inc
>
> --=-B7AqP1iWfBBvKe0JfVO6
> Content-Type: application/pgp-signature; name=signature.asc
> Content-Description: This is a digitally signed message part
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQA9rMgzB8JNm+PA+iURAkazAKDnldsHKa+lJwho94L4ruj4Z7tYFgCgnfH5
> 5yvUOI5QULCUhH7UJiqibsw=
> =6xEz
> -----END PGP SIGNATURE-----
>
> --=-B7AqP1iWfBBvKe0JfVO6--
>
>
Received on Oct 16 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos