Full Disclosure mailing list archives
Re: (no subject)
From: Valdis.Kletnieks () vt edu
Date: Fri, 05 Dec 2003 21:42:32 -0500
On Sat, 06 Dec 2003 11:00:35 +1300, Nick FitzGerald <nick () virus-l demon co uk> said:
Indeed -- this is a classic exploit of a classic case of several _really, really BAD_ design decisions.
Mea culpa. Ignore my previous posting. I thought you were flaming the guys at visa.com, when most of the blame goes to the crackheads who desighed the HTTP URI format and the crackheads at MS who implemented it. ;)
Attachment:
_bin
Description:
Current thread:
- (no subject) http-equiv () excite com (Dec 05)
- Re: (no subject) Nick FitzGerald (Dec 05)
- Re: (no subject) Valdis . Kletnieks (Dec 05)
- Re: (no subject) Valdis . Kletnieks (Dec 05)
- Re: (no subject) Nick FitzGerald (Dec 05)
- Re: (no subject) Valdis . Kletnieks (Dec 05)
- Re: (no subject) Nick FitzGerald (Dec 05)
- <Possible follow-ups>
- (no subject) shurikx1 (Dec 29)
- Cross Site Scripting in miniBB 1.7 (latest) and earlier Chintan Trivedi (Dec 29)