Full Disclosure mailing list archives

Re: RE: FWD: Internet Explorer URL parsing vulnerability

From: Valdis.Kletnieks () vt edu
Date: Wed, 10 Dec 2003 13:01:42 -0500

On Wed, 10 Dec 2003 21:51:01 +1300, VeNoMouS <venom () gen-x co nz>  said:

and as for the why the %01 works, i can only assume as %01 is a non
printable character IE stops it there, its the same as if u would use %02
and so on, or are you that moronic you dont understand character sets?


Yes, we're so moronic that we fail to understand the brilliance of IE not bothering
to print *printable* characters if they happen to follow a non-printing character.

Most reasonable software will put in an outline-box or "\NNN", or other similar
indication a glyph is not displayable in the charset in use, and then *continue
trying* to render the rest of the string.

Attachment: _bin
Description:

Current thread:

RE: RE: FWD: Internet Explorer URL parsing vulnerability, (continued)
- - - RE: RE: FWD: Internet Explorer URL parsing vulnerability Chris S (Dec 09)
  - Re: RE: FWD: Internet Explorer URL parsing vulnerability Michal Zalewski (Dec 09)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability Nick FitzGerald (Dec 09)
  - Re: RE: FWD: Internet Explorer URL parsing vulnerability Clint Bodungen (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: Internet Explorer URL parsing vulnerability http-equiv () excite com (Dec 09)
- RE: FWD: Internet Explorer URL parsing vulnerability Julian HO Thean Swee (Dec 09)
  - Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 09)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability Valdis . Kletnieks (Dec 10)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability Cedric Blancher (Dec 10)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability S G Masood (Dec 11)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 11)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 10)
    - Re: RE: FWD: Internet Explorer URL parsing vulnerability Exibar (Dec 10)
    - RES: RE: FWD: Internet Explorer URL parsing vulnerability Cleber P. de Souza (Dec 10)
- Re: RE: FWD: Internet Explorer URL parsing vulnerability VeNoMouS (Dec 09)
- Re: Internet Explorer URL parsing vulnerability Feher Tamas (Dec 10)
  - Re: Re: Internet Explorer URL parsing vulnerability Frank de Wit (Dec 10)
  - Re: Re: Internet Explorer URL parsing vulnerability Jedi/Sector One (Dec 10)

(Thread continues...)